Ransomware

MegaCortex Returns…

 July 30, 2019

Estimated reading time: 5 minutes

MegaCortex, a ransomware which was first spotted in January this year, has become active again and has changed the way it previously attacked/targeted the corporate world. In order to simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in its current targeted campaign. Key...

Ransomware As A Tool – LockerGoga

 July 3, 2019

Estimated reading time: 5 minutes

Ransomware authors keep experimenting with the development of payloads in various dimensions. In the timeline of ransomware implementations, we have seen its evolution from a simple screen locker to a multi-component model for file encryption, from a novice approach to a sophisticated one. Ransomware as a Tool has evolved in the wild...

What makes Quick Heal’s Next Generation Suite of Features a SMART choice to protect your privacy?

 May 29, 2019

Estimated reading time: 2 minutes

The cyber threat landscape is evolving every second, with thousands of new potential threats being detected every single day. With people becoming more and more conscious about their privacy and private data, such evolving threats can have a significant impact on the personal and financial life of people. In order...

APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise

 May 28, 2019

Estimated reading time: 7 minutes

In today’s world, data is everything, and to store and process this large amount of data, everyone has started using computing devices. Database servers used for storing this precious data on computing devices include MySQL, MongoDB, MSSQL, etc. Unfortunately, not everyone is conscious about their security. In fact, approximately...

CVE-2019-0708 – A Critical “Wormable” Remote Code Execution Vulnerability in Windows RDP

 May 17, 2019

Estimated reading time: 2 minutes

This is an important security advisory related to a recently patched Critical remote code execution vulnerability in Microsoft Windows Remote Desktop Services (RDP). The vulnerability is identified as “CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability”. The MSRC blog mentions that this vulnerability is pre-authentication and requires no user interaction. In other...

JCry – A Ransomware written in Golang!

April 9, 2019

Estimated reading time: 4 minutes

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Go. Malware authors are finding it easier to write ransomware in Go than in traditional programming languages. Infection by JCry ransomware starts with a compromised website. As...

Quick Heal Threat Report – Cryptojacking rising but Ransomware still #1 threat for consumers

February 22, 2019

Estimated reading time: 1 minute

In the wake of the growing incidence of targeted cyber-attacks on enterprises using cryptojacking, due to its ease of deployment and instant return on investment, it rather comes as a surprise that malware authors are still counting on ransomware for targeting consumers and home users. Yes, you heard it right! According...

GandCrab Riding Emotet’s Bus!

 February 15, 2019

Estimated reading time: 4 minutes

Emotet is known for constantly changing its payload and infection vectors, such as spam mail, malicious documents and even malicious JS files. It has compromised a very high number of websites on the internet. The Emotet malware campaign has existed since 2014. It returns frequently at intervals with different techniques and variants to deliver malware...

Anatova, A modular ransomware

January 29, 2019

Estimated reading time: 6 minutes

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean,...

GandCrab Ransomware along with Monero Miner and Spammer

January 24, 2019

Estimated reading time: 6 minutes

Recently we saw a new campaign delivered through a spam mail attachment, a zip file. It contains a JavaScript file which delivers a bundle of GandCrab ransomware, a Monero miner and a spammer. This bundle of multiple malware variants is nothing new; it is common for ransomware to be paired with a miner and a spammer. This type...