Friday, 30 September 2016
7th Generation Intel® Core™ Processor Family

Processor numbers for the 7th Generation Intel® Core™ processors use an alphanumeric scheme based on generation and product line, following the brand and its modifier. The first digit of the four-digit sequence indicates the processor generation, and the next three digits are the SKU number. Where applicable, an alpha suffix at the end of the processor number identifies the processor line. Intel® High End Desktop processors follow a different numbering scheme because their feature set differs.
Thursday, 29 September 2016
The Week in Ransomware - September 23 2016 - Cerber, Stampado, Fabiansomware, FenixLocker, and More

This has been the slowest ransomware week in a long time! Thank you devs for giving me some time to do other things! For this week we have some smaller ransomware releases as well as new updates to existing ransomware. We also have the continuing saga of Fabian smacking the Stampado and Apocalypse devs around with new decryptors. Last, but not least, we have a major distribution campaign being conducted by a new Cerber affiliate.
Contributors and those who provided new ransomware info this week include: @MalwareTechBlog, @struppigel, @JakubKroustek, @fwosar, @malwrhunterteam, @PolarToffee, @DanielGallagher, @demonslay335, @JAMESWT_MHT, @Seifreed, @nyxbone, @BleepinComputer, and @Avira. If you are interested in ransomware or InfoSec, I suggest you follow all of them on Twitter.

September 17th 2016

New Ransomware called FenixLocker adds love note every Encrypted File

Fabian Wosar of Emsisoft discovered that the new FenixLocker leaves a love note in every encrypted file. This love note states "FenixILoveyou!!".

September 18th 2016

HDDCryptor Ransomware Overwrites Your MBR Using Open Source Tools

HDDCryptor, sometimes spelled HDD Cryptor and also identified as Mamba, is a new ransomware variant discovered by Morphus Labs that rewrites a computer's MBR (Master Boot Record) boot sectors and locks users out of their PCs. While we might hurry to classify this as a Petya clone, HDDCryptor predates both Petya and Satana, having been spotted on the Bleeping Computer forums at the end of January this year.
Introducing Her Royal Highness, the Princess Locker Ransomware

Today we bring you Princess Locker; the ransomware only royalty could love. First discovered by Michael Gillespie, Princess Locker encrypts a victim's data and then demands a hefty ransom of 3 bitcoins, or approximately $1,800 USD, to purchase a decryptor. If payment is not made in the specified timeframe, the ransom doubles to 6 bitcoins.
Not much is known about Princess Locker other than a few encrypted files and ransom notes uploaded to ID-Ransomware. From what has been gathered, when a person is infected, the ransomware encrypts the victim's files, appends a random extension to each encrypted file, and creates a unique ID for the victim. This ID, extension, and encryption information is then most likely sent up to the ransomware's Command & Control server.
Ransom notes are also created and displayed, named !_HOW_TO_RESTORE_[extension].TXT and !_HOW_TO_RESTORE_[extension].html.

These ransom notes contain the victim's ID and links to the TOR payment sites where a victim can login to see payment information. 
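An added example, not code from the original post: a triage helper that recognises the ransom-note naming pattern above in a directory listing, pulls out the random extension from the note name, and counts the files carrying that extension. The listing and the extension values are constructed for the example, and the pattern assumes the `[extension]` part is alphanumeric.

```python
import re
from collections import Counter

# Note names described in the post: !_HOW_TO_RESTORE_[extension].TXT / .html
# Assumption: the random extension is alphanumeric.
NOTE_RE = re.compile(r"^!_HOW_TO_RESTORE_([A-Za-z0-9]+)\.(?:txt|html)$",
                     re.IGNORECASE)

# Constructed listing: two notes plus two files for extension "xk7q2",
# one clean file, and a stray note whose extension matches nothing.
SAMPLE_LISTING = [
    "!_HOW_TO_RESTORE_xk7q2.TXT",
    "!_HOW_TO_RESTORE_xk7q2.html",
    "budget.xlsx.xk7q2",
    "photo.jpg.xk7q2",
    "readme.txt",
    "!_HOW_TO_RESTORE_abc.TXT",
]

def find_note_extensions(names):
    """Return the set of extensions advertised by ransom notes in a listing."""
    exts = set()
    for name in names:
        m = NOTE_RE.match(name)
        if m:
            exts.add(m.group(1).lower())
    return exts

def triage_listing(names):
    """Correlate notes with files that carry the same random extension.
    Returns {extension: number_of_files}; a zero count means a note was
    found without matching files, which deserves a second look."""
    exts = find_note_extensions(names)
    counts = Counter({ext: 0 for ext in exts})
    for name in names:
        if NOTE_RE.match(name):
            continue  # the note itself is not an encrypted file
        dot = name.rfind(".")
        if dot != -1 and name[dot + 1:].lower() in exts:
            counts[name[dot + 1:].lower()] += 1
    return dict(counts)
```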

The Princess Locker Payment Site

The Princess Locker payment site is a standard ransomware site with no special features. When victims access the Princess Locker payment site, they are greeted with a page asking them to select a language that looks almost identical to Cerber's language selection page.

Wednesday, 28 September 2016
The Donald Trump Ransomware tries to Build Walls around your Files

With all the buzz around tonight's Presidential Debate between Hillary Clinton and Donald Trump, I decided to see if I could find any malware based around these polarizing candidates. Though I did not find anything related to Hillary Clinton, I did stumble upon a development version of the Donald Trump Ransomware.
The Donald Trump Ransomware is currently in development and as it was first compiled over a month ago, there is a good chance that it will never be actively distributed. Though the ransomware does contain functions to encrypt files using AES, in its current form it does not actually encrypt anything.
Instead it will look for files in the encrypt folder and base64 encode the file names and then append the .ENCRYPTED extension to any files that match certain file extensions. The extensions targeted by this program are:
.zip, .mp3, .7z, .rar, .wma, .avi, .wmv, .csv, .tax, .sidn, .itl, .mdbackup, .menu, .icarus, .litemod, .sav, .lvl, .raw, .flv, .m3u, .xxx, .pak, .jpg, .png, .docx, .doc, .ppt, .odt, .csv, .jpeg, .psd, .rtf, .cfg, Minecraft, alts.json, .wolfram, .dat, .dat_mcr, .mca, .Ink, .pub, .pptx, .php, .html, .yml, .sk, .txt, .mp4, .vb, .swf, .ico, .xcf, bukkit.jar, .log, .sln, .ini, .dll, .xml, .tex, .assets, .resource, .java, .js, .css, .gif
In this version you can simply click on the Unlock button to have the files renamed to their original filenames.
While I did not find any serious infections corresponding to these candidates, I urge everyone to be extra careful with any email attachments they receive during the election. It is very common for malware developers to send malware attachments disguised as content related to the current news.
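As an added example (not code from the post, and not the ransomware's own code), the following Python triages a directory listing for the renaming pattern described above and reverses it: it only decodes base64 file names and renames files back, which is all this development build does to a victim's files. The sample names and the extension subset are constructed for the example, and standard padded base64 is assumed since the post does not say which alphabet the sample uses.

```python
import base64
import binascii
import os

SUFFIX = ".ENCRYPTED"
# Subset of the extensions listed in the post (constructed for the example).
TARGETED = {".zip", ".mp3", ".docx", ".jpg", ".png", ".txt", ".java", ".css"}
# Constructed listing: two renamed files, one untouched file, and one file
# that carries the suffix but whose name is not valid base64.
SAMPLE = ["cmVwb3J0LmRvY3g=.ENCRYPTED", "notes.txt",
          "Zm9vLmV4ZQ==.ENCRYPTED", "garbage!.ENCRYPTED"]

def decode_name(name):
    """Return the original name if `name` is base64(original) + SUFFIX, else
    None. Strict decoding: anything that is not clean padded base64 is left alone."""
    if not name.endswith(SUFFIX):
        return None
    try:
        original = base64.b64decode(name[:-len(SUFFIX)], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Reject empty or path-like results so a crafted name cannot leave the directory.
    if not original or "/" in original or "\\" in original or original in (".", ".."):
        return None
    return original

def triage(names):
    """Map each recoverable name to (original, extension_is_targeted)."""
    result = {}
    for name in names:
        original = decode_name(name)
        if original is not None:
            ext = os.path.splitext(original)[1].lower()
            result[name] = (original, ext in TARGETED)
    return result

def restore(directory):
    """Rename recoverable files in `directory` back in place, never clobbering
    an existing file; returns the number of files restored."""
    restored = 0
    for name in os.listdir(directory):
        original = decode_name(name)
        if original is None:
            continue
        target = os.path.join(directory, original)
        if not os.path.exists(target):
            os.rename(os.path.join(directory, name), target)
            restored += 1
    return restored
```

Run `triage(SAMPLE)` to see what would be recovered before letting `restore()` touch a real directory.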
