Paul Hanley

Recent Posts

CryptoWall returns for another round with CryptoWall 4.0

Posted by Paul Hanley on Nov 6, 2015 12:05:24 PM

The gold standard in ransomware, CryptoWall, is making the rounds again with a new 4.0 release. In this revision, there are some pretty important changes that are going to make life more difficult for both infectees and security researchers looking to counter the software’s malicious activities.

Topics: Malware

Top malware threats to watch: CryptoWall, Jellyfish, Demon, and Moose

Posted by Paul Hanley on Jul 2, 2015 8:50:00 AM

It’s becoming more and more commonplace to read headlines reporting the latest and “greatest” security breach affecting a major corporation. Target, Home Depot, Anthem, and even the United States government have all been affected by cybercriminals hacking into their system and exploiting their sensitive information.

While these attacks are becoming more frequent, they’re also becoming more sophisticated. Cloud computing has made it easier for cybercriminals to infiltrate systems and obtain sensitive information. Of these cybercriminals, malware authors are key players. They’re creating new software used to steal this information, and they’re perfecting the variants of malware that already exist. To understand these developments, let’s look at the top three types of malware IT service providers and SMBs need to be aware of today.

Topics: Malware, Cyber Security

Venom security vulnerability threatens data centers, virtual machines

Posted by Paul Hanley on May 15, 2015 4:50:00 PM

Security researchers at CrowdStrike have uncovered a vulnerability that makes it possible for an attacker to escape from a virtual machine and gain access to the host hypervisor and the other virtual machines running on it. And that could mean trouble for data centers and cloud service providers.

Topics: IT Security, Cyber Security

Rombertik: What you need to know about malware’s suicide bomber

Posted by Paul Hanley on May 5, 2015 4:27:30 PM

Researchers at Cisco Systems’ Talos Group have identified a new variety of malware that, if detected, attempts to take its host computer with it. Known as Rombertik, it is unique in terms of the lengths it will go to avoid both detection and removal, but it is utterly mundane in terms of its designed function.

Topics: Malware, IT Security, Cyber Security

TeslaCrypt and CryptoWall bring new approaches to ransomware

Posted by Paul Hanley on Mar 30, 2015 2:00:00 PM

As the saying goes, what’s old is new again, but sometimes what’s new can still be new again.  Enigmatic?  Perhaps, but two programs in the ransomware category are doing their best to prove this.  An old friend that I’ve written about several times now, CryptoWall, is pioneering a new infection vector, while a fresh challenger, TeslaCrypt, is seeking to carve out a new target niche that has been underexploited.  Let’s see why security experts are concerned about these two infectious agents.

Topics: Malware, IT Security, Cyber Security

Lenovo’s SuperFish software threatens user security

Posted by Paul Hanley on Mar 11, 2015 3:57:43 PM

Lenovo recently announced that the SuperFish software, which came pre-installed on their consumer-grade devices, needed to be removed from every system. Logically, many were asking what the intent of the software was and why it needed to be removed.

Topics: IT Security, Announcements

What SMB business continuity and disaster recovery plans are missing

Posted by Paul Hanley on Feb 25, 2015 11:40:00 AM

When we talk about business continuity and disaster recovery, data backup is always an important part of any suggested plan. And it’s true: if your SMB clients aren’t backing up their data, they’ll have big problems if they have a run-in with malware or get hit by a natural disaster. A good disaster recovery plan is about more than just backing up files, though.

Topics: Business Continuity and Disaster Recovery, Data Loss

It’s Back: CryptoWall 3.0 Enters With a New Ransomware

Posted by Paul Hanley on Jan 19, 2015 1:52:00 PM

After several slow months, it seems that the authors of the infamous CryptoWall malware (Win32/Crowti or Trojan.Cryptowall) have re-emerged from wherever they’ve been hiding and have brought another version of their devious malware with them. Dubbed “CryptoWall 3.0” by security blogs and researchers, the new malware contains a number of changes and additions over the previous version.

Topics: Malware, Cyber Security

KEYHolder malware – The latest ransomware craze

Posted by Paul Hanley on Dec 10, 2014 3:07:00 PM

A new contender in the ransomware space has burst onto the scene in the last few days. Known as KEYHolder malware, it follows in the same vein as CryptoLocker, CryptoWall, CryptoDefense, and similar members of the Locker family of malware. 

Topics: Malware

Cryptowall: New ransomware picking up where CryptoLocker left off

Posted by Paul Hanley on Jun 11, 2014 1:40:00 PM

A new form of ransomware is on the loose, filling the void left by CryptoLocker. Several security blogs are warning IT pros about “Cryptowall”, which leverages social engineering and security exploits to encrypt its victims’ files.

Ronnie Tokazowski at wrote an analysis of Cryptowall, explaining how users around the world have lost access to thousands of files after failing to pay the ransom.

Cryptowall tricks users into downloading infected attachments or clicking infected advertisements, and then takes advantage of security gaps in Silverlight, Flash, and Java to make its way onto computers, according to an alert from SANS Internet Security Center.

Topics: Malware
