ransomware

Pierluigi Paganini November 01, 2017
MBR-ONI ransomware involved in targeted attacks against Japanese organizations

MBR-ONI is a new ransomware that is being used for targeted attacks in Japan; experts speculate it was used to cover larger hacking campaigns. It is a bootkit ransomware that uses a modified version of the legitimate open-source disk encryption utility DiskCryptor to […]

Pierluigi Paganini October 31, 2017
Experts spotted a new strain of the Sage Ransomware that implements Anti-Analysis capabilities

Security experts from Fortinet spotted a new strain of the Sage ransomware that included new functionalities, such as anti-analysis capabilities. Sage 2.0 is a new ransomware first observed in December, and it is now distributed via malicious spam. Sage is considered a variant of CryLocker ransomware; it is being distributed by the Sundown and RIG exploit kits. The […]

Pierluigi Paganini October 28, 2017
Documents encrypted by Bad Rabbit ransomware could be recovered without paying ransom

Files Encrypted by Bad Rabbit Recoverable Without Paying Ransom. Some victims of the recent Bad Rabbit attack may be able to recover their files encrypted by the ransomware without paying the ransom. The discovery was made by researchers at Kaspersky Lab who analyzed the encryption functionality implemented by the ransomware. Once the ransomware infects a computer, […]

Pierluigi Paganini October 27, 2017
UK Government links the WannaCry attack that crippled NHS to North Korea

The UK Government blamed North Korea for the WannaCry attack that affected a third of English hospitals. “This attack, we believe quite strongly that it came from a foreign state,” Ben Wallace, a junior minister for security, told BBC Radio 4’s Today programme. “North Korea was the state that we believe was involved in this worldwide attack,” […]

Pierluigi Paganini October 25, 2017
CSE Malware ZLab – Preliminary analysis of Bad Rabbit attack

We at the CSE Cybsec ZLab have conducted a preliminary analysis of the Bad Rabbit ransomware, discovering interesting aspects of the attack. This is just the beginning of a complete report that we will release in the coming days, but we believe our findings can be useful for the security community. This malware recalls the notorious NotPetya basically […]

Pierluigi Paganini October 14, 2017
DoubleLocker, the Android Ransomware that encrypts files and changes PIN Lock

Crooks have developed a strain of Android ransomware dubbed DoubleLocker that both encrypts user data and changes the PIN lock. DoubleLocker, the name says it all, is a new malware that not only encrypts Android mobile devices but also changes the PIN lock. The DoubleLocker ransomware was discovered by security researchers from cybersecurity firm ESET. DoubleLocker is the first-ever […]

Pierluigi Paganini September 23, 2017
CSE CybSec ZLAB Malware Analysis Report: Petya

I’m proud to share with you the second report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report Petya. CybSec Enterprise recently launched a malware lab called Z-Lab, which is composed of a group of skilled researchers and led by Eng. Antonio Pirozzi. It’s a pleasure for me to […]

Pierluigi Paganini September 21, 2017
FedEx announces $300m in lost business and response costs after NotPetya attack

FedEx is the latest firm to disclose the cost caused by the massive NotPetya attack: roughly $300m in lost business and response costs. The malware compromised systems worldwide, most of them in Ukraine; the list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, Ukraine’s central […]

Pierluigi Paganini September 18, 2017
CSE CybSec ZLAB Malware Analysis Report: NotPetya

I’m proud to share with you the first report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report NotPetya. As most of you already know, I officially presented my new Co a couple of months ago; CybSec Enterprise is its name and we have already started to work on […]

Pierluigi Paganini August 27, 2017
Defray Ransomware used in targeted attacks on Education and Healthcare verticals

Researchers at Proofpoint spotted Defray Ransomware, a new ransomware used in a targeted campaign against education and healthcare organizations. Earlier this month, researchers at Proofpoint spotted a targeted ransomware campaign against education and healthcare organizations. The ransomware used in the campaign was dubbed Defray, based on the command and control (C&C) server hostname used for the […]