Blog

Ransomware

Mailto Ransomware under the skin of explorer.exe

Estimated reading time: 5 minutes

All of us, at some point in time,  must have heard the story of Wolf and the flock of sheep. The fooling trick used by the wicked wolf of pretending to be a sheep is still in use by many malware authors. They pretend to be genuine processes to achieve...

Ouroboros: Following A New Trend In Ransomware League

 February 18, 2020

Estimated reading time: 5 minutes

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior as it updates its version. This analysis provides the behaviour of version 6, few...

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

 February 13, 2020

Estimated reading time: 5 minutes

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature of identifying and encrypting systems in a Local Area Network (LAN). This sample targets the systems which are present in sleep as well as the online state in the LAN. This sample is packed with...

HorseDeal Riding on The Curveball!

 February 5, 2020

Estimated reading time: 5 minutes

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could...

Ako Ransomware targeting businesses using RaaS

 January 24, 2020

Estimated reading time: 5 minutes

Ako Ransomware targeting businesses using RaaS Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service) which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is...

First Node.js-based Ransomware : Nodera

 January 22, 2020

Estimated reading time: 5 minutes

Recently while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework based Nodera ransomware. The use of Node.js framework is not seen commonly across malware families. Latest development by threat actors reveal a nasty and one-of-its-kind ransomware being created; one that uses Node.js framework, which enables it to infect Windows...

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

 January 15, 2020

Estimated reading time: 9 minutes

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data...

This Diwali, gift your loved ones digital security for life!

 October 25, 2019

Estimated reading time: 2 minutes

Diwali is that time of the year when you can literally feel the auspiciousness, fun and festivities in the air. While the streets are lightened with the bright glow of diyas and lamps, the night sky is adored by the sparkling light and boom of firecrackers. The hustle and bustle...

MegaCortex Returns…

 July 30, 2019

Estimated reading time: 5 minutes

MegaCortex, a ransomware which was first spotted in January this year, has become active again and has changed the way it previously attacked/targeted the corporate world. In order to simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in current targeted campaign. Key...