Ranstop protects files against the “.Osiris” variant of Locky – Temasoft Lab Demo

Case subject – A Locky variant nicknamed “.Osiris” (Virustotal details) For this test, the TEMASOFT Research Lab Team let loose one of the latest Locky variants, which features many improvements regarding speed, obfuscation, and strength of the cryptography. The malware uses multiple processes to ensure coverage for as many files as possible and usually gets […]

Ranstop blocks Spora ransomware and restores affected files, while most anti-virus products fail to detect this new ransomware – Temasoft Lab Demo

Case subject – Spora “replacer” ransomware (Virustotal details) For today’s exercise, the Temasoft Research Lab Team focused on a new and intriguing ransomware variant: Spora. This ransomware is interesting because it is what the security community calls a “replacer,” exhibiting a different and more complex behavior than typical ransomware. We have run the malware sample […]

Ranstop blocks a Graftor screen locker ransomware variant – Temasoft Lab Demo

Case subject – A Graftor screen locker variant (Virustotal details) Following up on the Beta 2 release of TEMASOFT Ranstop, featuring screen locker protection, our Research Lab Team staged a demo to assess the effectiveness of the new security feature. For this exercise, we got hold of a Graftor screen locker variant to test out […]

Ransomware incapacitates town government and affects the 911 service

Ransomware is one of the most significant threats to today's IT systems because it has outstanding potential for generating untraceable revenue for cyber criminals over relatively short periods of time. No other type of malware can challenge its position in this respect. For the victims, ransomware comes with downtime, concern, the effort to […]

Ranstop blocks a CryptoLocker variant – Temasoft Lab Demo

Case subject – A CryptoLocker variant (Virustotal details) During this test, the TEMASOFT Research Lab Team used an isolated network to run live ransomware. The payload is a variant of CryptoLocker that arrives as an executable which displays a standard “folder” icon to trick users into clicking on it. Once clicked, the executable asks […]

New ransomware attacks databases instead of files in large scale attack

Up until recently, ransomware targeted document and image files, as they usually hold information that the victims need. Most ransomware families had hard-coded detection of such files for the purpose of rendering them unusable. Some ransomware families rely on volume encryption and would encrypt everything, after first having disabled the operating system […]

New ransomware distribution model: Infect two “friends”, unlock your files for free

In our previous blogs, we have looked at how ransomware is moving from being malware used by cyber criminals to extort money from victims to becoming a service that can be rented by anybody who wants to launch such attacks (read more here). This evolution allows ransomware service providers to increase their revenues with the least effort by […]

Should open source ransomware be banned?

Ransomware has been a growing concern for the last couple of years, as the rate and cost of the related incidents saw major increases year over year. In response, NGOs, journalists, and security vendors started to educate the public in this respect. Various security companies invest effort and time in building solutions that would help […]

Ransomware-as-a-service expected to highly increase the number of cyber criminals

Until recently, ransomware attacks used to be carried out by highly skilled, well-motivated professional cyber attackers. The primary purpose was to obtain money in the form of ransom paid in bitcoins in untraceable transactions. But not anymore. Ransomware attacks have become available to unskilled, malicious persons as well, in the form of ransomware-as-a-service. Find out about […]

EHR adoption is slow for a reason – Ransomware attack forces three hospitals to cancel operations

Almost 3,000 patient appointments and several operations were canceled at three hospitals after a cyber attack involving a variant of Globe 2 ransomware, confirming once again the importance of the ransomware threat to Healthcare and, consequently, the justified reluctance to move to EHR entirely. The hospitals impacted in this incident were part of the “Northern […]