# Tags

Ako Ransomware targeting businesses using RaaS

Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service), which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is seen that many malware families […]

MegaCortex Returns…

MegaCortex, a ransomware first spotted in January this year, has become active again and has changed the way it attacks the corporate world. To simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in the current targeted campaign. Key Points: 1. While analyzing we found […]

Anatova, A modular ransomware

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean, though the main activity of […]

Mongolock Ransomware deletes files and targets databases

Ransomware has become one of the most dangerous cyber-attack methods because of the different techniques it uses to encrypt files and evade detection by security software in order to earn money. At times, it is not limited to encrypting the user’s files but also deletes the files and formats the local disk drives. Recently, Quick […]

A new ransomware campaign in the wild, Ryuk!!

Recently, Quick Heal Security Labs observed a new destructive ransomware named ‘Ryuk. Ransomware’. This ransomware campaign has already affected many users worldwide and seems to be a spear phishing attack. Notably, it encrypts victim files without appending any extension, but still makes the files unreadable. Ryuk uses robust military algorithms such as ‘RSA4096’ and ‘AES-256’ […]

Beware of the Armage Ransomware – the File Destroyer!

In the last week of July, Quick Heal Security Labs detected a new ransomware called Armage. It appends the ‘.Armage’ extension to files it encrypts. Armage ransomware uses the AES-256 encryption algorithm to encode files, making them inoperable. It spreads via spam emails and corrupted text files. Technical analysis: Once executed on the infected computer, Armage ransomware opens […]

Satan ransomware raises its head again!

Satan ransomware first appeared in early 2017, and it has resurfaced with a new variant in 2018. We have seen it using new, innovative techniques to spread, such as the EternalBlue exploit to distribute over compromised networks. This variant of Satan propagates using the below techniques: Mimikatz; EternalBlue – exploit CVE-2017-0143. Technical Analysis: 1. […]

Dharma ransomware resurfaces with a new variant

A new variant of the Dharma ransomware (‘.arrow’) has been observed in the wild. This variant appends the extension ‘.arrow’ to the files it encrypts and spreads via spam emails. How Dharma encrypts its victim’s files: Once executed, the ‘.arrow’ variant of Dharma uses the below command to disable Windows’ repair and backup option […]

An analysis of the Zenis ransomware by Quick Heal Security Labs

Quick Heal Security Labs has come across a new ransomware that goes by the name ‘Zenis’. The ransomware not only encrypts files but also intentionally deletes the infected system’s backup. The behavior of Zenis ransomware: Once inside a computer, the ransomware performs the following checks before it starts encrypting the user’s data. Whether the […]
