Ransomware

Ransomware displaced by cryptojacking as the most trending cyberthreat but it is not dead yet

 January 9, 2019

Estimated reading time: 2 minutes

For those of you who have experienced the worst of Ransomware attacks in the form of WannaCry and Petya and believe that the worst is over, you never know what may await you on the other side of this New Year. While the recent threat analysis reports by Quick Heal...

GandCrab says, “We will become back very soon! ;)”

Estimated reading time: 5 minutes

GandCrab has been in the wild since the last week of January 2018. Over that period it kept learning from its mistakes, and GandCrab’s agile development grabbed the attention of many security researchers. From moving its servers to Namecoin-powered Top Level Domain (.BIT TLD) servers after the first breach, then learning from...

Ghost Has Arrived

Estimated reading time: 5 minutes

On the back of an upswing in Ransomware activity, we decided to carry out an in-depth analysis of Ghost Ransomware. An interesting fact about this malware is that it uses multiple components to encrypt user files. Technical Analysis: The main malware executable (Ghost.exe) is compiled using the DotNet Framework. The infection...

Sophisticated Ransomware : “Katyusha”

 December 14, 2018

Estimated reading time: 6 minutes

For several months, Quick Heal Security Labs has been observing an increase in ransomware. We have found one more interesting ransomware which encrypts files, adds the extension “.katyusha”, demands 0.5 BTC within three days, and threatens to release the data for public download if the ransom is not...

Ransomware attacks through Remote Access are on rise. Secure your system now!!

 October 26, 2018

Estimated reading time: 5 minutes

Once again ransomware attacks are on the rise, and this can leave your systems vulnerable to critical data loss and breach. In fact, the recent outbreak of ransomware allows cyber criminals to easily gain access to your computer through Remote Desktop using a brute-force technique, which is capable of cracking weak...

You’ve Been Hit By Ransomware. Now What?

 October 9, 2018

Estimated reading time: 3 minutes

“ALL YOUR FILES HAVE BEEN ENCRYPTED” You see that line flashing on your laptop or desktop and suddenly your adrenaline level shoots up with hundreds of questions already hitting your mind… How Do I Remove that Message? Why Can’t I Access My System? Will I Lose All My Work?...

“Troldesh’s” One More Variant in the Encryption Offender

 September 3, 2018

Estimated reading time: 4 minutes

Over the past few days, we have been observing criminals/hackers using a new carrier to deliver ransomware. Recently, Quick Heal Security Labs observed a new variant of Troldesh ransomware which encrypts the data and adds the extension “.no_more_ransom”. This ransomware comes under the Crypto-Ransomware variant, the origin of this...

Android malware that combines a Banking Trojan, Keylogger, and Ransomware in one package

 August 17, 2018

Estimated reading time: 8 minutes

This malware has all the basic functionality of an Android banker along with additional features like call forwarding, sound recording, keylogging and ransomware activities. It has the ability to launch the user’s browser with a URL received from the C&C server. It repeatedly opens the accessibility settings page until the user switches ON the ‘AccessibilityService’. The...

Again! A New .NET Ransomware Shrug2

 August 10, 2018

Estimated reading time: 5 minutes

For several months, Quick Heal Security Labs has been observing an increase in ransomware built in the .NET framework. Ransomware like SamSam, Lime and now Shrug were found to be built in the .NET framework. Malware authors are finding it very easy to build and obfuscate malware in the .NET framework rather than making them in...

An analysis of the Dharma ransomware outbreak by Quick Heal Security Labs

 May 2, 2018

Estimated reading time: 7 minutes

On April 25, 2018, Quick Heal Security Labs issued an advisory on a new ransomware outbreak. We are observing a sudden spike in Dharma ransomware. Even though Dharma ransomware is old, we observed a new variant which encrypts files and appends the “.arrow” extension to them. Previously the encrypted...