Researchers at Varonis have uncovered a new ransomware variant that spreads and tracks its progress via SYSVOL share on Active Directory Domain Controllers.

The ransomware encrypts files and appends them with the extension, '.SaveTheQueen' and creates a file called 'hourly' on the SYSVOL share folder.

Continue reading →

Cybersecurity company Webroot has released its third annual Nastiest Malware list which shows ransomware making a comeback in addition to other threats.

Phishing and botnets are still popular attack methods and threats across the board are also becoming more sophisticated and harder to detect.

Continue reading →

Ransomware is a pervasive problem, and for victims it can be difficult to know whether paying up will help them to regain access to their maliciously encrypted files. So when ransomware decryption keys are released free of charge, it's always good news -- and this is exactly what has happened for HildaCrypt.

The developer of this particular strain of ransomware has released the decryption keys after a security researcher shared detailed of what was initially thought to be a new type of ransomware.

Continue reading →

A new report from vulnerability management company RiskSense looks at the most common vulnerabilities used across multiple families of ransomware that target enterprises and government organizations.

Among its key findings are that almost 65 percent target high-value assets like servers, close to 55 percent have CVSS v2 scores lower than eight, nearly 35 percent are old (from 2015 or earlier), and the vulnerabilities used in WannaCry are still being used today.

Continue reading →

Ransomware attacks are a major problem and they often gain access to systems via brute-force attacks against open and exposed remote access points such as Remote Desktop Protocol.

Cloud-native virtual application delivery platform Cameyo is launching its new RDP Port Shield security technology, along with a free, open source monitoring tool that any organization can use to identify attacks taking place over RDP in their environment.

Continue reading →

The education sector has become one of the most sought after targets for cybercriminals, according to the latest report from Malwarebytes Labs.

In the first half of 2019, the top three largest categories of threats identified among education institutions' devices are adware (43 percent), Trojans (25 percent) and backdoors (three percent). However, ransomware dropped to less than one percent in this period -- though it was higher both before and after the study.

Continue reading →

Detections of ransomware aimed at businesses rose by a massive 363 percent between the second quarter of 2018 and the same period this year. Meanwhile consumer ransomware is down 34 percent.

The latest quarterly threat report from Malwarebytes also sees a 235 percent overall increase in threats aimed at organizations from enterprises to small businesses, with ransomware as a major contributor.

Continue reading →

The cybercriminal's most effective weapon in a ransomware attack is the network itself, which enables the malicious encryption of shared files on network servers, especially files stored in infrastructure-as-a-service (IaaS) cloud providers.

This is according to a new report from threat detection specialist Vectra which finds that by encrypting files that are accessed by many business applications across the network, attackers achieve an economy of scale faster and far more damaging than encrypting files on individual devices.

Continue reading →

Security firm BitDefender has teamed up with the FBI, Europol and other agencies and created decryption software that enables ransomware victims to get their data back for free.

The tool can be used to retrieve files encrypted by the GandCrab family of ransomware which is thought to have originated in Russia. GandCrab has been active for around a year and a half, and hundreds of thousands of people have fallen victim to it.

Continue reading →

The latest quarterly threat research from Malwarebytes for Q1 2019 reveals a 200 percent jump in ransomware and continued increase in business targets for cyberthreats.

This shift back to ransomware comes in the wake of a continued decline in cryptomining, as well as an increased focus on mobile attacks and large-scale business invasions.

Continue reading →

Last month Aluminum manufacturer Norsk Hydro was hit by a large scale ransomware attack that affected its systems across the globe and caused severe disruption to its operations with an estimated impact of more than $35 million..

The attack used the LockerGoga ransomware and the threat research team at Securonix has been monitoring the malware, which also caused problems for a number of other companies.

Continue reading →

Emsisoft has released a free decrypter tool for anyone who has been struck by the Planetary Ransomware, eliminating the need to pay a fee to the attackers.

Before using the tool you are advised to ensure that you have removed the malware from your computer -- something you can do with the free version of Emsisoft Anti-Malware. You also need to ensure that you don't delete the ransom note ("!!!READ_IT!!!.txt") or the decrypter won't work.

Continue reading →

Despite the fact that in recent months we've seen cybercriminals focusing their efforts on businesses, 68 percent of infections are seen on consumer endpoints, compared to 32 percent on business endpoints.

This is one of the findings of the latest Webroot Threat Report, which also shows that legitimate websites are frequently compromised to host malicious content, with 40 percent of malicious URLs hosted on good domains.

Continue reading →

Ransomware attacks are increasingly well targeted and complex, and they can prove devastating for businesses.

Storage specialist Cohesity is launching a new set of anti-ransomware capabilities for its DataPlatform that can directly combat attacks.

Continue reading →

A number of major US newspapers -- including the Los Angeles Times, Chicago Tribune, Wall Street Journal and New York Times -- have been hit by a cyberattack that is said to originate from another country.

Malware was first detected on Thursday by Tribune Publishing, the owner of some of the affected titles, but unsuccessful attempts at quarantining meant that there was disruption well into Saturday. The Department of Homeland Security is currently investigating the incident which is not thought to have exposed any personal customer details.

Continue reading →