GetCrypt ransomware analysis – TEMASOFT Labs

Ransomware test subject – GetCrypt

GetCrypt is a recently released ransomware, distributed using malware campaigns, which redirect users to the RIG exploit kit, finally detonating the payload, the ransomware itself. It attacks vulnerable Windows PCs set to any language, except Russian, Ukrainian and a few others, probably pointing to its origins while doing so. GetCrypt […]

Ranstop stops Sodinokibi ransomware

Ransomware test subject – Sodinokibi

A very serious vulnerability (CVE-2019-2725), with a CVSS score of 9.8 (out of 10), affected a few versions of Oracle’s WebLogic servers. The vulnerability allowed the attackers to remotely download and execute malware – without authentication – like this ransomware, called Sodinokibi, affecting businesses and disrupting operations. What this really […]

Ranstop blocks RYUK ransomware

Ransomware test subject – RYUK

$400.000 were paid last month by the officials of Jackson County (Georgia) to recover their files after a RYUK ransomware variant hit their IT infrastructure. Except for the 911 emergency service and their website, everything went down, paralyzing activities and forcing everybody to carry out operations the old way, on […]

Ranstop blocks Yatron ransomware

Ransomware test subject – Yatron

A few days ago a new ransomware emerged, called Yatron. The cybercriminal did not just stop here, but also developed a platform to sell the ransomware to others willing to distribute it, a method called “ransomware as a service”. Basically, anybody can buy a personalized version of the malware and […]

Ranstop blocks Jcry ransomware

Ransomware test subject – Jcry

At the beginning of this month, a new ransomware campaign was launched targeting hundreds of Israeli websites. The attack used a popular website accessibility plugin to distribute the malware, modifying some data so that instead of the plugin, a malware payload is downloaded on the victim’s machine as soon as […]

Ranstop stops Clop ransomware

Ransomware test subject – Clop

A new ransomware called “Clop” has emerged in recent days. There’s no proven link between Clop and any other known ransomware families, although the dropped ransom note is similar to a few of them. The cybercriminals encourage the victims to contact them as soon as possible using the two email addresses (servicedigilogos@protonmail.com and […]

Ranstop blocks LockerGoga ransomware

Test subject – LockerGoga ransomware

The French-based engineering research and consulting firm “Altran Technologies” was hit by ransomware on the 24th of January. The attack spread through their network, including offices located in other countries, because of the open network connections and shared folders mounted on the attacked systems. Altran took immediate action, […]

Ranstop blocks Troldesh-Shade ransomware

Test subject – Troldesh/Shade ransomware

This is a 0-day variant of Troldesh/Shade ransomware. The ransomware family has a five-year history and has seen many improvements since the first version. It’s typically distributed via email campaigns, weaponizing office documents, using social engineering to manipulate users. The cybercriminals use WordPress/Drupal/Joomla based websites to host their payload, hacking […]

Ranstop blocks Gerber ransomware

Test subject – Gerber ransomware

Distributed via spam email campaigns and malicious links, Gerber is back with a new variant, after a very busy December. At least 5 variants were discovered this month alone, and no decrypting tools were released for any of them. All variants target all versions of Windows, encrypting files using AES-265 […]

Ranstop blocks Delphimorix ransomware

Test subject – Delphimorix ransomware

Delphimorix is a new ransomware that emerged at the end of last month. Since then, in just a couple of weeks, the authors have released a few new variants, changing the ransom note but little in the code itself. At first, they demanded 101 Bitcoins to recover the files, but with […]