Posts

Ranstop blocks PyLocky ransomware

Test subject – PyLocky ransomware PyLocky is a new ransomware which made its way to the digital world at the end of July, mostly via email campaigns. The core part is written in Python and it is packaged with PyInstaller. Besides the common ransomware-related features, it also exhibits a more complex behavior which prevents or […]

Ranstop stops KeyPass ransomware

Test subject – KeyPass ransomware Emerged last month, KeyPass is one of the first ransomware who managed to get noticed not just because of a significant distribution campaign, but also because of its new features. It was spotted in more than 20 countries around the world and has attacked a few hundred so far. However, […]

Ranstop blocks PrincessLocker Evolution ransomware

Test subject – PrincessLocker Evolution ransomware PrincessLocker first emerged in 2016, and since then, several versions and variants were released. We covered one of these in this article. This one is called “Evolution” and it was quickly advertised as a RaaS (ransomware as a service) by the malware developers. This means that anybody willing to […]

Ranstop stops LockyLocker ransomware

Test subject – LockyLocker ransomware LockyLocker (also known as PyLocker) is a new ransomware which made its way to the digital world at the end of July, mostly via email campaigns. It was also discovered bundled alongside legitimate software, made with InnoSetup, so this should serve as a heads-up. It’s worth mentioning that this particular […]

Ranstop blocks DBGer ransomware

Test subject – DBGer ransomware A new Satan variant was recently released, having quite a few updates. It’s called DBGer, named after the extension it adds to the encrypted files. Satan has been around for quite some time, and it is very popular among cybercriminals, mostly because of their Ransomware-as-a-Service (RaaS) portal, which makes it […]

Ranstop blocks CryBrazil ransomware

Test subject – CryBrazil ransomware Another HiddenTear based ransomware got released these days, called CryBrazil. The opensource platform initially created for educational purposes only was quickly adopted by malware developers who continue to develop and release new variants. Some of them are also decryptable, but most of them are not, making HiddenTear infections quite dangerous. […]

Ranstop blocks RedEye ransomware

Test subject – RedEye ransomware RedEye, the ransomware of choice for this article and video, was created by the developers of the infamous Annabelle (also Jigsaw, possibly a few others) and has only one purpose: to bring terror and destruction among its victims. There’s no way around, once your PC is infected, you will lose […]

Ranstop blocks GandCrab v3 ransomware

Test subject – GandCrab v3 ransomware We already covered the first version of GandCrab, but since then, two new versions were released. The developers promised to come back after their first command & control servers were seized, and they also managed to add new features to their malicious creation. Some things didn’t change though, the […]

Ranstop blocks XiaoBa ransomware

Test subject – Xiaoba ransomware Xiaoba has evolved from a simple ransomware to a file destroying coinminer. This is mainly due to some bugs in the code, but now is back with yet another version, which only encrypts files and demands a ransom to get them back, as any other ransomware does. Discovered in October […]

Ranstop blocks Iron ransomware

Test subject –Iron ransomware Iron is an unsual combination of three popular ransomware variants: Maktub, DMA Locker, and Satan. It borrows elements from each of these, both operational and visual, making it difficult to classify. Original Maktub allowed the free recovery of one encrypted file, Iron, however, doesn’t. It encrypts 374 file extensions, including some […]