In a surprising turn of events, notorious ransomware TeslaCrypt seems to be no more.
Malware development, like any other area in IT, is a hotbed of innovation and change. At the forefront of this trend are the groups responsible for developing ransomware applications such as TeslaCrypt and Cryptowall. Today’s news brings two new challengers: Petya and Samsam. They both contain the usual tricks: 2048-bit encryption, reliance on the use of TOR and other “shadow Internet” locations for payment, and headaches for everyone involved. That said, they each have some new tricks not yet seen in the space. Let’s take a look.
When TeslaCrypt first arrived on the ransomware scene about a year ago, it seemed like a CryptoLocker copycat with a few new tricks, such as renaming existing files, deleting browser history to hide the source of the infection, and a peculiar appetite for Twitch streamers and multimedia creators. The authors of this malware strain are adapting quickly, proving themselves to be more than just another copycat and recently launching the fourth version of the malicious software, one even more damaging than the original.
The gold standard in ransomware, CryptoWall, is making the rounds again with a new 4.0 release. In this revision, there are some pretty important changes that are going to make life more difficult for both infectees and security researchers looking to counter the software’s malicious activities.
It’s becoming more and more commonplace to read headlines reporting the latest and “greatest” security breach affecting a major corporation. Target, Home Depot, Anthem, and even the United States government have all been affected by cybercriminals hacking into their systems and exploiting their sensitive information.
While these attacks are becoming more frequent, they’re also becoming more sophisticated. Cloud computing has made it easier for cybercriminals to infiltrate systems and obtain sensitive information. Of these cybercriminals, malware authors are key players. They’re creating new software used to steal this information, and they’re perfecting the variants of malware that already exist. To understand these developments, let’s look at the top three types of malware IT service providers and SMBs need to be aware of today.
Security researchers at CrowdStrike have uncovered a vulnerability that makes it possible for an attacker to escape from a virtual machine and gain access to the host hypervisor and the other virtual machines running on it. And that could mean trouble for data centers and cloud service providers.
Researchers at Cisco Systems’ Talos Group have identified a new variety of malware that, if detected, attempts to take its host computer with it. Known as Rombertik, it is unique in terms of the lengths it will go to avoid both detection and removal, but it is utterly mundane in terms of its designed function.
As the saying goes, what’s old is new again, but sometimes what’s new can still be new again. Enigmatic? Perhaps, but two programs in the ransomware category are doing their best to prove this. An old friend that I’ve written about several times now, CryptoWall, is pioneering a new infection vector, while a fresh challenger, TeslaCrypt, is seeking to carve out a new target niche that has been underexploited. Let’s see why security experts are concerned about these two infectious agents.
Lenovo recently announced that the SuperFish software, which came pre-installed on their consumer-grade devices, needed to be removed from every system. Logically, many were asking what the intent of the software was and why it needed to be removed.
When we talk about business continuity and disaster recovery, data backup is always an important part of any suggested plan. And it’s true: if your SMB clients aren’t backing up their data, they’ll have big problems if they have a run-in with malware or get hit by a natural disaster. A good disaster recovery plan is about more than just backing up files, though.