Paul Hanley

Recent Posts

TeslaCrypt closes doors, offers master decryption key

Posted by Paul Hanley on May 20, 2016 8:59:08 AM

In a surprising turn of events, notorious ransomware TeslaCrypt seems to be no more.

Topics: Ransomware

Samsam and Petya: The New Wave of Ransomware

Posted by Paul Hanley on Mar 30, 2016 5:17:42 PM

Malware development, like any other area in IT, is a hotbed of innovation and change. At the forefront of this trend are the groups responsible for developing ransomware applications such as TeslaCrypt and Cryptowall. Today’s news brings two new challengers: Petya and Samsam. They both contain the usual tricks: 2048-bit encryption, reliance on the use of TOR and other “shadow Internet” locations for payment, and headaches for everyone involved. That said, they each have some new tricks not yet seen in the space. Let’s take a look.

Topics: Ransomware

TeslaCrypt 4.0 ransomware ups the ante with unbreakable encryption

Posted by Paul Hanley on Mar 24, 2016 12:19:13 PM

When TeslaCrypt first arrived on the ransomware scene about a year ago, it seemed like a CryptoLocker copycat with a few new tricks, such as renaming existing files, deleting browser history to hide the source of the infection, and a peculiar appetite for Twitch streamers and multimedia creators. The authors of this malware strain are adapting quickly, proving themselves to be more than just another copycat and recently launching the fourth version of the malicious software, one even more damaging than the original.

Topics: Ransomware

CryptoWall returns for another round with CryptoWall 4.0

Posted by Paul Hanley on Nov 6, 2015 12:05:24 PM

The gold standard in ransomware, CryptoWall, is making the rounds again with a new 4.0 release. In this revision, there are some pretty important changes that are going to make life more difficult for both infectees and security researchers looking to counter the software’s malicious activities.

Topics: Malware

Top malware threats to watch: CryptoWall, Jellyfish, Demon, and Moose

Posted by Paul Hanley on Jul 2, 2015 8:50:00 AM

It’s becoming more and more commonplace to read headlines reporting the latest and “greatest” security breach affecting a major corporation. Target, Home Depot, Anthem, and even the United States government have all been affected by cybercriminals hacking into their system and exploiting their sensitive information.

While these attacks are becoming more frequent, they’re also becoming more sophisticated. Cloud computing has made it easier for cybercriminals to infiltrate systems and obtain sensitive information. Of these cybercriminals, malware authors are key players. They’re creating new software used to steal this information, and they’re perfecting the variants of malware that already exist. To understand these developments, let’s look at the top three types of malware IT service providers and SMBs need to be aware of today.

Topics: Malware, Cyber Security

Venom security vulnerability threatens data centers, virtual machines

Posted by Paul Hanley on May 15, 2015 4:50:00 PM

Security researchers at CrowdStrike have uncovered a vulnerability that makes it possible for an attacker to escape from a virtual machine and gain access to the host hypervisor and the other virtual machines running on it. And that could mean trouble for data centers and cloud service providers.

Topics: IT Security, Cyber Security

Rombertik: What you need to know about malware’s suicide bomber

Posted by Paul Hanley on May 5, 2015 4:27:30 PM

Researchers at Cisco Systems’ Talos Group have identified a new variety of malware that, if detected, attempts to take its host computer with it. Known as Rombertik, it is unique in terms of the lengths it will go to avoid both detection and removal, but it is utterly mundane in terms of its designed function.

Topics: Malware, IT Security, Cyber Security

TeslaCrypt and CryptoWall bring new approaches to ransomware

Posted by Paul Hanley on Mar 30, 2015 2:00:00 PM

As the saying goes, what’s old is new again, but sometimes what’s new can still be new again. Enigmatic? Perhaps, but two programs in the ransomware category are doing their best to prove this. An old friend that I’ve written about several times now, CryptoWall, is pioneering a new infection vector, while a fresh challenger, TeslaCrypt, is seeking to carve out a new target niche that has been underexploited. Let’s see why security experts are concerned about these two infectious agents.

Topics: Malware, IT Security, Cyber Security

Lenovo’s SuperFish software threatens user security

Posted by Paul Hanley on Mar 11, 2015 3:57:43 PM

Lenovo recently announced that the SuperFish software, which came pre-installed on their consumer-grade devices, needed to be removed from every system. Logically, many were asking what the intent of the software was and why it needed to be removed.

Topics: IT Security, Announcements

What SMB business continuity and disaster recovery plans are missing

Posted by Paul Hanley on Feb 25, 2015 11:40:00 AM

When we talk about business continuity and disaster recovery, data backup is always an important part of any suggested plan. And it’s true: if your SMB clients aren’t backing up their data, they’ll have big problems if they have a run-in with malware or get hit by a natural disaster. A good disaster recovery plan is about more than just backing up files, though.

Topics: Business Continuity and Disaster Recovery, Data Loss
