Bitcrypt broken

Ransomware is nothing new. You might already have heard about it, since it is a kind of fraud that can affect anyone and do severe damage. Some ransomware prevents you from accessing your computer, while other variants encrypt files on your system so that you cannot open them anymore. No matter the

Bitcrypt 2 – Financial aspects

Some weeks ago, we blogged about a new ransomware called BitCrypt. To sum it up shortly, we had found a new ransomware that encrypted all pictures on the machine it infected and asked the user to pay a ransom to get the files back. While we do not usually work on that kind

LeoUncia and OrcaRat

The PWC-named malware OrcaRat is presented as a new piece of malware, but looking at the URI used for C&C communication, it could be an updated version of a well-known and rather old piece of malware: LeoUncia. Status Let’s face it: px~NFEHrGXF9QA=2/5mGabiSKSCIqbiJwAKjf+Z81pOurL1xeCaw=1/xXiPyUqR/hBL9DW2nbQQEDwNXIYD3l5EkpfyrdVpVC8kp/4WeCaArZAnd+QEYVSY9QMw=2 URI taken from an OrcaRat sample. It looks a lot like: qFUtb6Sw/TytLfLsy/HnqI8QCX/ZRfFP9KL/_2yA9GIK/iufEXR2r/e6ZFBfoN/fcgL04f7/ZBzUuV5T/Balrp2Wm URI taken from

Ransomware "BadRabbit"

Since 24 October, our Threat Intelligence team has received numerous reports about a new malware family that calls itself "BadRabbit". The new threat initially targeted institutions and companies in Russia and Ukraine, including the Russian news agency Interfax, the Kiev metro and Odessa airport. But then further attacks

The OXID Resolver [Part 2] – Accessing a Remote Object inside DCOM

The previous OXID Resolver Part 1 article [1] described a way to remotely enumerate the network interfaces of a recent Windows machine. This method does not require knowledge of any user credentials and relies on the ServerAlive2() RPC method, which is exposed by the IOXIDResolver interface. This article is dedicated

