Blog

Ransomware

Ghost Has Arrived

Estimated reading time: 5 minutes

On the back of an upswing in Ransomware activity, we decided to carry out an in-depth analysis of Ghost Ransomware. Interesting fact about this malware is that it uses multiple components to encrypt user files. Technical Analysis : Main malware executable (Ghost.exe) is compiled using the DotNet Framework. The infection...

Sophisticated Ransomware : “Katyusha”

  • 16
    Shares
 December 14, 2018

Estimated reading time: 6 minutes

For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not...

A new ransomware campaign in the wild,Ryuk!!

  • 21
    Shares
 August 28, 2018

Estimated reading time: 4 minutes

Recently, Quick Heal Security Labs observed a new destructive ransomware named ‘Ryuk. Ransomware’. This ransomware campaign has already affected many users worldwide and seems to be a spear phishing attack. The compelling thing, it encrypts victim files without appending any extension but making files unreadable. Ryuk uses robust military algorithms...

Beware of the Armage Ransomware – the File Destroyer!

  • 18
    Shares
 August 8, 2018

Estimated reading time: 3 minutes

In July last week, Quick Heal Security Labs detected a new ransomware called Armage. It appends ‘.Armage’ extension to files it encrypts. Armage ransomware uses the AES-256 encryption algorithm to encode files making them inoperable. It spreads via spam emails and corrupted text files. Technical analysis Once executed on the...

A new ransom-miner malware campaign emerging in wild!

 July 10, 2018

Estimated reading time: 6 minutes

Since the past few weeks, Quick Heal Security Labs has been observing a series of interesting malware blocked at our customer end. The further analysis of the malware ‘t.exe’ revealed that the malware seems to be Trojan dropper. Interestingly, this multipurpose malware is downloading a ransomware component, a crypto-mining malware...

Breed of MBR Infecting Ransomware – an analysis by Quick Heal Security Labs

 May 16, 2018

Estimated reading time: 6 minutes

Ransomware is becoming one of the most perilous cyberattack methods and also the most habitual techniques for cybercriminals to earn money. It appears to have new weapons in its arsenal over time which is invariably aimed to boost its strength and enhance its business. As encrypting the files and restricting...

The Runner: a key component of the SamSam ransomware campaign – An analysis by Quick Heal Security Labs

 February 8, 2018

Estimated reading time: 4 minutes

In Jan 2018, Greenfield, Indiana-based Hancock Health (healthcare network) was attacked by SamSam ransomware. It encrypted the files containing patients’ data which disrupted their critical services. Even though SamSam is not a new ransomware, it has evolved over a period of time. We had observed its first variant in Feb...

Cybersecurity Predictions: What to expect in 2018

  • 51
    Shares
 December 26, 2017
Cybersecurity prediction for 2018

Estimated reading time: 7 minutes

Get ready! 2018 is going to be much worse for cybersecurity than what it was for 2017. Before we get on with the cybersecurity predictions for 2018, let’s take a quick flashback of 2017 2017 was riddled with cybersecurity mayhem: WannaCry – the biggest ransomware attack in history; took down...

Android Ransomware Alert! DoubleLocker changes your phone’s PIN and encrypts your data

  • 107
    Shares
 October 27, 2017

Estimated reading time: 3 minutes

DoubleLocker is an Android ransomware the likes of which have never been seen before. The malware is designed to launch a two-pronged attack – it locks down the phone it infects and encrypts all files stored on the device. What is spreading DoubleLocker ransomware? The malware gets into a device...