Shriram Munde

About Shriram Munde

Shriram has 5 years of experience in cyber threat research and analysis. He is part of Quick Heal’s Proactive Team. His interests include blogging and exploring the world of cybersecurity and malware.

Anatova, A modular ransomware

 January 29, 2019

Estimated reading time: 6 minutes

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean,...

Mongolock Ransomware deletes files and targets databases

 January 29, 2019

Estimated reading time: 4 minutes

Ransomware has become one of the most dangerous cyber-attack methods because of the different techniques it uses to encrypt files and evade detection by security software in order to earn money. Also, at times, it is not limited to encrypting users’ files but also deletes the files and formats the...

Malspam email – Jack of all malware, master of none.

 January 21, 2019

Estimated reading time: 4 minutes

Malspam email or malicious spam emails are considered to be one of the favorite malware delivery channels for the attackers to deliver the malware to targeted victims. Attackers also run spam email campaigns to distribute their malware to a large number of users. For attackers to succeed, two things are...

A new ransomware campaign in the wild, Ryuk!!

 August 28, 2018

Estimated reading time: 4 minutes

Recently, Quick Heal Security Labs observed a new destructive ransomware named ‘Ryuk. Ransomware’. This ransomware campaign has already affected many users worldwide and seems to be a spear phishing attack. The compelling thing is that it encrypts victim files without appending any extension, yet makes the files unreadable. Ryuk uses robust military algorithms...

Beware of the Armage Ransomware – the File Destroyer!

 August 8, 2018

Estimated reading time: 3 minutes

In the last week of July, Quick Heal Security Labs detected a new ransomware called Armage. It appends the ‘.Armage’ extension to files it encrypts. Armage ransomware uses the AES-256 encryption algorithm to encode files, making them inoperable. It spreads via spam emails and corrupted text files. Technical analysis Once executed on the...

Satan ransomware raises its head again!

 June 20, 2018

Estimated reading time: 3 minutes

Satan ransomware first appeared in early 2017, and it has resurfaced with a new variant in 2018. We have seen it using new, innovative techniques to spread, such as the EternalBlue exploit to distribute over compromised networks. This variant of Satan propagates using the below techniques: Mimikatz EternalBlue – exploit...

Dharma ransomware resurfaces with a new variant

 April 16, 2018

Estimated reading time: 3 minutes

A new variant of the Dharma ransomware (‘.arrow’) has been observed in the wild. This variant appends the extension ‘.arrow’ to the files it encrypts and spreads via spam emails.   How Dharma encrypts its victim’s files Once executed, the ‘.arrow’ variant of Dharma uses the below command to disable...

An analysis of the Zenis ransomware by Quick Heal Security Labs

 March 19, 2018

Estimated reading time: 4 minutes

Quick Heal Security Labs has come across a new ransomware that goes by the name ‘Zenis’. The ransomware not only encrypts files but also intentionally deletes the infected system’s backup. The behavior of Zenis ransomware Once inside a computer, the ransomware performs the following checks before it starts encrypting...

Thanatos Ransomware – an analysis by Quick Heal Security Labs

 February 22, 2018

Estimated reading time: 2 minutes

Quick Heal Security Labs has come across a new ransomware that uses AES encryption and demands 0.01 Bitcoin as ransom after encrypting the victim’s files. It is known as Thanatos Ransomware. Thanatos is a type of Trojan malware that spreads through malicious advertisements, phishing sites, spam emails, freeware and...

New Saturn Ransomware offers ransomware-as-a-service

 February 19, 2018

Estimated reading time: 4 minutes

Quick Heal Security Labs has come across a new ransomware called ‘Saturn’, currently doing the rounds, which upon encryption appends the “. Saturn” extension to the encrypted files. Behaviour of Saturn Ransomware Upon arrival on the host machine, Saturn ransomware checks whether it is a virtual environment or has any debuggers....