Ransomware

Maze ransomware continues to be a threat to the consumers

June 18, 2020

Estimated reading time: 6 minutes

Maze is a recently highlighted ransomware among the ever-growing list of ransomware families. The ransomware has been active for the past year, although it came into the limelight due to its new approach of publicly publishing the sensitive data of infected customers. The malware uses different techniques to gain entry, like the...

Way Out of The MAZE: A Quick Guide For Defending Against Maze Ransomware

April 23, 2020

Estimated reading time: 6 minutes

Since late 2019, MAZE ransomware has become infamous for its encryption, data theft and the subsequent sale of the stolen data. Other reasons for its notoriety are its unusual choice of targets and its ransom demands. Since its inception around May 2019, MAZE actors have been targeting multiple sectors, prominent ones...

Dharma Ransomware Variant Malspam Targeting COVID-19

April 9, 2020

Estimated reading time: 7 minutes

Since the outbreak of the Novel Coronavirus pandemic, many malware campaigns have been seen trying to lure people into opening malicious emails, visiting malicious domains and running other malware. Some of these malicious domains are fully functional and provide real-time mapping of COVID-19 stats across the globe. However, they deliver malware...

Fake Coronavirus tracking app exploiting our fear and vulnerable social situation

March 20, 2020

Estimated reading time: 4 minutes

As the Coronavirus spreads across countries, creating fear across the globe, everybody wants to stay on top of any information related to it in order to remain safe and away from infected people. Malware authors are also taking advantage of this situation. Previously, there were many applications on the Android Play Store which claimed...

Mailto Ransomware under the skin of explorer.exe

March 3, 2020

Estimated reading time: 5 minutes

All of us, at some point in time, must have heard the story of the wolf and the flock of sheep. The trick used by the wicked wolf, pretending to be a sheep, is still in use by many malware authors. They pretend to be genuine processes to achieve...

Ouroboros: Following A New Trend In Ransomware League

February 18, 2020

Estimated reading time: 5 minutes

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as "Ouroboros" is intensifying its footprint in the field by bringing more and more advancements in its behaviour with each new version. This analysis covers the behaviour of version 6, a few...

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

February 13, 2020

Estimated reading time: 5 minutes

Quick Heal Security Labs recently came across a variant of Ryuk ransomware which contains an additional feature for identifying and encrypting systems in a Local Area Network (LAN). This sample targets systems on the LAN that are in a sleep state as well as those that are online. This sample is packed with...

HorseDeal Riding on The Curveball!

Estimated reading time: 5 minutes

It's surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It is a spoofing vulnerability in the Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could...

Ako Ransomware targeting businesses using RaaS

January 24, 2020

Estimated reading time: 5 minutes

Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service), which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is...

First Node.js-based Ransomware: Nodera

January 22, 2020

Estimated reading time: 5 minutes

Recently, while threat hunting, Quick Heal Security Labs came across an unusual ransomware, Nodera, built on the Node.js framework. Use of the Node.js framework is not commonly seen across malware families. The latest development by threat actors reveals a nasty, one-of-its-kind ransomware being created: one that uses the Node.js framework, which enables it to infect Windows...