Malware alert! Beware of the BTCWare Aleta Ransomware

Quick Heal Security Labs has observed a new variant of the BTCWare ransomware (first observed at the beginning of 2017) called ‘Aleta’. This ransomware is called so because it appends a “.aleta” extension to files it encrypts on an infected computer. Although BTCWare ransomware variants do not seem to use any special techniques or […]

DOs and DON’Ts to stay safe from Ransomware (infographic)

Unless you live in a cave, you definitely know what ransomware is. It is malware that is keeping Internet users awake at night and restless during the day. It does not strike with a warning, and when it does, it does not leave without causing a catastrophe. Ransomware is a malware that […]

Petya ransomware is affecting users globally, here are things you can do

Quick Heal Security Labs has come across a new strain of Petya Ransomware that is affecting users globally. This clearly looks like early signs of a new ransomware attack that is spreading fast across the globe. Currently, we have seen multiple reports of this ransomware attack from several countries. Our Analysis Shows Petya delivery mechanism […]

AES-NI Ransomware adopts combination of Fileless and Code Injection technique

Cybercriminals are adopting unique ways of spreading malware, and this has been evident in the cases of the Cerber ransomware, where the RIG exploit was used, and the WannaCry ransomware, which used the SMBv1 vulnerability. And now it’s the AES-NI ransomware, which uses a combination of fileless and code injection techniques. This threat involves the […]

MS17-010 – Windows SMB server exploitation leads to ransomware outbreak

Microsoft Windows SMB (Server Message Block) is being actively exploited in the wild following the Shadow Brokers (TSB) leak in April 2017. According to Microsoft’s blog, the exploits were already covered in previously released security bulletins. The Shadow Brokers exploits named ‘EternalBlue’, ‘EternalRomance’ and ‘EternalSynergy’ are addressed by Microsoft in security bulletin MS17-010. […]

WannaCry Ransomware Creating Havoc Worldwide by Exploiting Patched Windows Exploit!

Ransomware has been causing major disruptions in recent years. A recently leaked dump of the NSA EternalBlue exploit is being used by cybercriminals to spread WannaCry ransomware worldwide. A dump of the MS17-010 Windows OS vulnerability was made public by the notorious Shadow Brokers group on 14th April, 2017. This vulnerability affects most of the desktop and server editions of Microsoft Windows […]

Cosmos Bank website compromised with RIG Exploit Kit which drops Cerber Ransomware

Update: The incident has been taken care of by Cosmos Bank and its website (URL) is now clean and safe to use. Compromising popular websites has become a common strategy for attackers to spread infection in a widespread fashion. Attackers exploit unpatched vulnerabilities present on web servers in order to compromise websites. In addition to this, […]