On December 26, 2017, the Necurs botnet delivered a late Christmas gift – the new version of GlobeImposter ransomware. Attached to spam messages as zip archives, the zip archive contains a JavaScript that downloads and installs ransomware on a victim’s computer.

The ancient Greeks once warned about “the cure being worse than the disease.” Unfortunately, that’s exactly what’s happened when Microsoft released its patches for the Meltdown-Spectre vulnerabilities. Microsoft’s fix is bricking some computers, proving once again that creating a backup before installing any system update is critical.

New security research has been made public revealing the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities in modern processors. These vulnerabilities allow programs to break the isolation between applications, which means malicious applications could access the memory of another program running on the same machine. (For a detailed attack description, please visit https://spectreattack.com/ or https://meltdownattack.com/.)

Ransomware continues to threaten anyone using a Windows, macOS, or Android device, and individuals and business owners alike are paying ransoms because they don’t adequately protect their systems. While anti-ransomware solutions are available for devices like laptops, PCs and mobile phones, other Internet of Things (IoT) devices remain at risk. Our 2018 Ransomware Forecast looks at what threats we may soon face.