Home > Knowledge Centre > Ransomware

HorseDeal Riding on The Curveball!

  • Jayesh kulkarni / 6 years
  • 0
  • 5 min read

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using […]

First Node.js-based Ransomware : Nodera

  • Ravi Gidwani / 6 years
  • 2
  • 5 min read

Recently while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework based on Nodera ransomware. The use of the Node.js framework is not seen commonly across malware families. However, the latest development by threat actors reveals nasty and one-of-its-kind ransomware being created, one that uses the Node.js framework, which enables it to […]

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

  • Jayesh kulkarni / 6 years
  • 0
  • 11 min read

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data recovery was easier if the […]

Ransomware As A Tool – LockerGoga

  • Ghanshyam More / 7 years
  • 0
  • 5 min read

Ransomware authors keep experimenting with the development of payload in various dimensions. In the timeline of ransomware implementations, we have seen its evolution from a simple screen locker to multi-component model for file encryption, from novice approach to a sophisticated one. The Ransomware as a Tool has evolved in wild and one of them has […]

JCry – A Ransomware written in Golang!

  • Ghanshyam More / 7 years
  • 0
  • 5 min read

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Go lang. Malware authors are finding it easy to write ransomware in Go lang rather than traditional programming languages. Infection of Jcry ransomware starts with a compromised website. As shown in the above image, […]

Anatova, A modular ransomware

  • Shriram Munde / 7 years
  • 9
  • 7 min read

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean, though the main activity of […]

Mongolock Ransomware deletes files and targets databases

  • Shriram Munde / 7 years
  • 0
  • 3 min read

Ransomware has become one of the most dangerous cyber-attack methods because of the different techniques it uses to encrypt the files and evade the detection of security software to earn money. Also, at a time, it’s not limited to encrypting user’s files but also deletes the files and formats the local disk drives. Recently, Quick […]

Ghost Has Arrived

  • Ghanshyam More / 7 years
  • 0
  • 6 min read

On the back of an upswing in Ransomware activity, we decided to carry out an in-depth analysis of Ghost Ransomware. Interesting fact about this malware is that it uses multiple components to encrypt user files. Technical Analysis : Main malware executable (Ghost.exe) is compiled using the DotNet Framework. The infection vector of this ransomware is […]

Sophisticated Ransomware : “Katyusha”

  • Ghanshyam More / 7 years
  • 0
  • 7 min read

For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not paid. Malware is bundled with […]