Most industry experts, authorities and security vendors advise against paying the ransom when infected with ransomware, and there are several reasons for doing so. First, paying ransom encourages the ransomware phenomenon, and more and more cyber-criminals will attempt to profit in this way. It verifies the fact that money can be made out of this, […]
Although not a frequent target, and usually harder to exploit than other operating systems, Linux is not ransomware free. Mass ransomware attacks often target more popular operating systems, both among consumers with relatively fewer IT skills and businesses. However, targeted ransomware attacks go for a particular organization, so cyber criminals are looking to get a […]
Test subject – Arena ransomware, a variant of Crysis / Dharma The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed the ransomware appends […]
Test subject – Loky Lukitus ransomware The Lukitus Loki variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]
Cerber made the headlines again, this time with the latest variant as it brings new functions to the table, highlighting the importance of enterprise ransomware protection. Some experts say that the evolution of ransomware is towards developing worm-like capabilities, like NotPetya and WannaCry, but this new Cerber variant shows another development direction: that of adapting […]
Anti-ransomware is a technology created to protect user data, in response to the ransomware phenomenon, a major concern and one of the biggest threats to cybersecurity nowadays. However, it is a rather new type of threat as major ransomware attacks started over three years ago, and it took some time until the community recognized ransomware […]
Test subject – GlobeImposter ransomware This GlobeImposter ransomware is delivered as a java script via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on Virustotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]
When it comes to ransomware detection, targeted ransomware attacks are very difficult to identify through classic anti-virus technology. Although such attacks are less frequent than their random, mass, counterparts, they are far more devastating and expensive mainly because they have a higher chance of succeeding in encrypting the files. Read about some important differences between […]
Test subject – PowerShell ransomware This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, less than a quarter of the solutions (according to […]
Test subject – Oxar, a HiddenTear variant Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify Sandobx environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]
We have updated our policies to incorporate the changes specified in Regulation (EU) 2016/679 on the protection of individuals concerning the processing of personal data and on the free movement of such data. Please read how Temasoft processes personal data on our Privacy Policy page. By continuing to browse our site, confirm your acceptance of the use of cookies. Your data can be deleted at any time by following the instructions in the Cookie Policy or Privacy Policy sections.
OK