Blog

Ransomware

APT-27 like Newcore RAT, Virut exploiting MySQL for targeted attacks on enterprise

 May 28, 2019

Estimated reading time: 7 minutes

In today’s world data is everything, and to store and process this large amount of data, everyone started using computing devices. Database servers which are used for storing this precious data on computing devices include MySQL, MongoDB, MSSQL, etc. But unfortunately, not everyone is conscious about its security. In fact, approximately...

CVE-2019-0708 – A Critical “Wormable” Remote Code Execution Vulnerability in Windows RDP

Estimated reading time: 2 minutes

This is an important security advisory related to a recently patched Critical remote code execution vulnerability in Microsoft Windows Remote Desktop Service (RDP). The vulnerability is identified as “CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability”. MSRC blog mentions This vulnerability is pre-authentication and requires no user interaction. In other...

JCry – A Ransomware written in Golang!

  • 2
    Shares
 April 9, 2019

Estimated reading time: 4 minutes

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Go lang. Malware authors are finding it easy to write ransomware in Go lang rather than traditional programming languages. Infection of Jcry ransomware starts with a compromised website. As...

GandCrab Riding Emotet’s Bus!

Estimated reading time: 4 minutes

Emotet Known for constantly changing its payload and infection vectors like spam mail, Malicious Doc and even Malicious JS files. It compromised a very high number of websites on the internet. Emotet malware campaign has existed since 2014. It comes frequently in intervals with different techniques and variants to deliver malware...

Anatova, A modular ransomware

  • 20
    Shares
 January 29, 2019

Estimated reading time: 6 minutes

While everyone was engaged in new year celebrations, malware authors were busy creating new ransomware for 2019. Quick Heal Security Labs has observed the first ransomware of 2019 — Anatova. During our analysis, we found that Anatova is not just ransomware but a modular one. By modular ransomware we mean,...

GandCrab Ransomware along with Monero Miner and Spammer

  • 3
    Shares
 January 24, 2019

Estimated reading time: 6 minutes

Recently we saw a new campaign through spam mail attachment- zip file. It contains JavaScript file which delivers a bundle of GandCrab Ransomware, Monero miner and Spammer. This bundle of multiple malware variants is nothing new, it is common for ransomware to be paired with miner and spammer. This type...

Ransomware displaced by cryptojacking as the most trending cyberthreat but it is not dead yet

  • 60
    Shares
 January 9, 2019

Estimated reading time: 2 minutes

For those of you who have experienced the worst of Ransomware attacks in the form of WannaCry and Petya and believe that the worst is over; you never know what may await you on the other side of this New Year. While the recent threat analysis reports by Quick Heal...

GandCrab says, “We will become back very soon! ;)”

 December 18, 2018

Estimated reading time: 5 minutes

GandCrab has been in the wild since last week of January 2018. Over the period it kept learning from its mistakes and GandCrab’s agile development grabbed the attention of many security researchers. From moving its servers to Namecoin powered Top Level Domain (.BIT TLD) servers after the first breach, then learning from...