Entries by Peter Erdos

The ransomware market & attacks in the first half of 2018

According to most statistics, ransomware attacks decreased almost 30% over the past 12 months. That looks like good news, but there’s a catch: the “market” has room for even more sophisticated ransomware variants. That is exactly what happened: the number of attacks dropped, but the level of complexity among the new variants increased. Many factors […]

Ranstop anti-ransomware live test against BTCWare ransomware

Test subject – BTCWare ransomware, “shadow” extension. The BTCWare family is a very active player in the ransomware world. New variants are discovered almost every month, and although files encrypted by older versions can now be decrypted, the newly released variants use strong encryption algorithms to corrupt files, which are then impossible to recover. This particular variant is […]

Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma. The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed, the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Locky Lukitus ransomware. The Lukitus Locky variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts, either as Office files or zip archives. One interesting feature of this variant, similar to CryptoWall functionality, is that it scrambles files to make recovery even more difficult. […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware. This GlobeImposter ransomware is delivered as a JavaScript file via email campaigns and bypasses classic antivirus detection technologies. It has maintained a very low detection rate on VirusTotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant. Oxar is a HiddenTear variant with highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify sandbox environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]

A glimpse on how we test Ranstop (the human approach)

Temasoft Labs is a particular mixture of humans and machines, very similar to a microbiology laboratory. They both do the same thing: search for and analyze disease-causing microorganisms, because this is the first step in fighting this particular type of infectious agent: ransomware. Just like their biological counterparts, ransomware attacks IT infrastructure of any kind and […]