A few days ago, Magnitude EK resurfaced, this time with a new payload that targets only the country of South Korea. It’s called Magniber ransomware.
In this edition of the Malwarebytes Cybercrime Tactics and Techniques report, we saw a number of high profile breaches targeting the personal information of hundreds of millions of people. We also observed shifts in malware distribution, the revival of some old families, and found cases of international tech support scams.
We review a trick that the Magnitude exploit kit uses to bypass security scanners.
This post shines some light on a ‘gate’ belonging to the geo-targeted Magnitude exploit kit.
The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wakeup call.In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.
For a while, it appeared that Locky ransomware had completely disappeared and allowed for Cerber to take the number one spot as the most distributed piece of ransomware. But after a long absence, Locky returns in full swing.
The first quarter of 2017 brought with it some significant changes to the threat landscape and we aren’t talking about heavy ransomware distribution either. Threats which were previously believed to be serious contenders this year have nearly vanished entirely, while new threats and infection techniques have forced the security community to reconsider collection and analysis efforts.
In our first wrap-up of the threat landscape, we are going to cover the trends observed during the last few months of 2016, provide an analyst’s view of the threats, and offer some predictions for the beginning of 2017. Moving forward, every quarter we will bring you a view of the threat landscape through the eyes of Malwarebytes researchers and analysts.
PrincessLocker ransomware has appeared some time ago and has drawn out attention by using the same template of the site for a victim as Cerber did. In this article, we dig deeper and try to answer questions about its internal similarities with Cerber (and other known ransomware).