Posts

Nemty ransomware attack blocked by Ranstop

Ransomware test subject – Nemty. Nemty is a relatively new ransomware, spotted at the end of last month, and has seen a few iterations since its appearance. The very first variant had references to the Russian president and antivirus. More precisely, the code contained a link pointing to a picture of the Russian president […]

Ranstop blocks Phobos ransomware

Ransomware test subject – Phobos. Phobos appeared on the ransomware scene in late 2018 – early 2019, and since then the developers have released more than 50 variants, making the family one of the most active of this year. The malware itself is closely related to Dharma (or CrySis), and we can only assume that the actors […]

GetCrypt ransomware analysis – TEMASOFT Labs

Ransomware test subject – GetCrypt. GetCrypt is a recently released ransomware, distributed through malware campaigns that redirect users to the RIG exploit kit, which finally detonates the payload, the ransomware itself. It attacks vulnerable Windows PCs set to any language except Russian, Ukrainian and a few others, which probably points to its origins. GetCrypt […]

Ranstop stops Sodinokibi ransomware

Ransomware test subject – Sodinokibi. A very serious vulnerability (CVE-2019-2725), with a CVSS score of 9.8 (out of 10), affected a few versions of Oracle’s WebLogic servers. The vulnerability allowed attackers to remotely download and execute malware, such as this ransomware called Sodinokibi, without authentication, affecting businesses and disrupting operations. What this really […]

Ranstop blocks RYUK ransomware

Ransomware test subject – RYUK. $400.000 were paid last month by the officials of Jackson County (Georgia) to recover their files after a RYUK ransomware variant hit their IT infrastructure. Except for the 911 emergency service and their website, everything went down, paralyzing activities and forcing everybody to carry out operations the old way, on […]

Ranstop blocks Yatron ransomware

Ransomware test subject – Yatron. A few days ago a new ransomware emerged, called Yatron. The cybercriminal did not stop there, but also developed a platform to sell the ransomware to others willing to distribute it, a method called “ransomware as a service”. Basically, anybody can buy a personalized version of the malware and […]

Ranstop blocks Jcry ransomware

Ransomware test subject – Jcry. At the beginning of this month, a new ransomware campaign was launched targeting hundreds of Israeli websites. The attack used a popular website accessibility plugin to distribute the malware, modifying some data so that instead of the plugin, a malware payload is downloaded on the victim’s machine as soon as […]

Ranstop blocks LockerGoga ransomware

Test subject – LockerGoga ransomware. The French-based engineering research and consulting firm “Altran Technologies” was hit by ransomware on the 24th of January. The attack spread through their network, including offices located in other countries, because of the open network connections and shared folders mounted on the attacked systems. Altran took immediate action, […]

Ranstop blocks Troldesh-Shade ransomware

Test subject – Troldesh/Shade ransomware. This is a 0-day variant of Troldesh/Shade ransomware. The ransomware family has a five-year history and has seen many improvements since the first version. It’s typically distributed via email campaigns that weaponize office documents and use social engineering to manipulate users. The cybercriminals use WordPress/Drupal/Joomla based websites to host their payload, hacking […]

Ranstop blocks CryCipher ransomware

Test subject – CryCipher ransomware. CryCipher is among the first ransomware discovered at the beginning of this new year. There’s no indication, as of yet, whether the ransomware is related to, or part of, any existing ransomware family. CryCipher ransomware test facts: It’s also been a while since we saw this type of ransomware. CryCipher, upon […]