Ranstop blocks OnyxLocker ransomware

Ransomware test subject – OnyxLocker

Lately, we’ve been writing about ransomware that exploited weak systems and networks, so this time we’re focusing on malware that exploits the user and their awareness. Today’s ransomware is called OnyxLocker, and it targets Russian speakers. It is actively distributed using malware campaigns, emails containing malicious attachments, accompanied by text […]

Ranstop blocks TFlower ransomware

Ransomware test subject – TFlower

TFlower ransomware is targeting businesses as we speak. Hackers are infiltrating poorly secured infrastructures or services and manually executing the malware. We’ve seen this kind of attack increase lately, and there are legitimate reasons to worry. Just today, a Danish hearing aid manufacturer announced that they might end up losing […]

Ranstop blocks Eva Richter (Ordinypt) ransomware

Ransomware test subject – Eva Richter (Ordinypt)

German speakers were recently hit by a series of malware campaigns distributing fake ransomware. We call it fake because even though it destroys user files, the victim cannot recover their files, even if the ransom is paid. The campaign starts with an email, received from somebody named ‘Eva […]

Nemty ransomware attack blocked by Ranstop

Ransomware test subject – Nemty

Nemty is a relatively new ransomware, spotted at the end of last month, and it has seen a few iterations since its appearance. The very first variant had references to the Russian president and antivirus. More precisely, the code contained a link pointing to a picture of the Russian president […]

Ranstop blocks Phobos ransomware

Ransomware test subject – Phobos

Phobos appeared on the ransomware scene in late 2018 – early 2019, and since then the developers have released more than 50 variants, making the family one of the most active of this year. The malware itself is closely related to Dharma (or CrySis), and we can only assume that the actors […]

GetCrypt ransomware analysis – TEMASOFT Labs

Ransomware test subject – GetCrypt

GetCrypt is a recently released ransomware, distributed using malware campaigns that redirect users to the RIG exploit kit, which finally detonates the payload, the ransomware itself. It attacks vulnerable Windows PCs set to any language except Russian, Ukrainian and a few others, probably pointing to its origins while doing so. GetCrypt […]

Ranstop stops Sodinokibi ransomware

Ransomware test subject – Sodinokibi

A very serious vulnerability (CVE-2019-2725), with a CVSS score of 9.8 (out of 10), affected a few versions of Oracle’s WebLogic servers. The vulnerability allowed attackers to remotely download and execute malware without authentication, like this ransomware, called Sodinokibi, affecting businesses and disrupting operations. What this really […]

Ranstop blocks RYUK ransomware

Ransomware test subject – RYUK

$400.000 were paid last month by the officials of Jackson County (Georgia) to recover their files after a RYUK ransomware variant hit their IT infrastructure. Except for the 911 emergency service and their website, everything went down, paralyzing activities and forcing everybody to carry out operations the old way, on […]

Ranstop blocks Yatron ransomware

Ransomware test subject – Yatron

A few days ago a new ransomware emerged, called Yatron. The cybercriminal did not stop there, but also developed a platform to sell the ransomware to others willing to distribute it, a method called “ransomware as a service”. Basically, anybody can buy a personalized version of the malware and […]

Ranstop blocks Jcry ransomware

Ransomware test subject – Jcry

At the beginning of this month, a new ransomware campaign was launched targeting hundreds of Israeli websites. The attack used a popular website accessibility plugin to distribute the malware, modifying some data so that instead of the plugin, a malware payload is downloaded to the victim’s machine as soon as […]