Serpent is the 4th generation of the malware originally known as Zyklon. First, it became WildFire, then Hades Locker, and now, Serpent. This type of ransomware typically spreads through spear phishing emails containing a link to download the cryptolocker.

Spora ransomware has been active since the beginning of this year. Typically, it is distributed through spear phishing and watering hole attacks, but the recently discovered variant spreads through the HoeflerText pop-ups on infected websites in EITest campaigns.

Even though Spora ransomware is not new, the latest modification, when it was first discovered, was only blocked by a limited number of anti-malware programs. This could be due to the fact that the new build is using the polymorphic encryptor to create new copies of itself for further spreading and extra code obfuscation. It also has a slightly changed payload.

Whenever there’s a large-scale ransomware attack like WannaCry and EternalPetya, the number of infected computers reported by the media can be overwhelming.  It’s easy to forget there are thousands of individuals who need to rebuild their digital lives in the aftermath.  

But hearing customers talk about how Acronis saved their data is a great reminder that our solutions help real people every day. Take yesterday’s email titled “How Acronis True Image 2017 NG proved to be a lifeguard.”

The well known Cerber ransomware continues to be active this summer. The size of the cryptolocker varies between 244 to 292 Kbytes, with the new builds spreading via spear phishing email campaigns, targeting enterprises. The latest Cerber ransomware easily bypasses traditional defenses. The analyzed Cerber sample (MD5: cfd2d6f189b04d42618007fc9c540352) was only detected as a suspicious malicious object by nine out of 64 antiviruses on the first submission to Virustotal. The low detection rate can be explained by the fact that the cryptolocker is using a polymorphic encryptor and API call obfuscation to protect its copies from being detected by antiviruses.