Ransomware

Serpent ransomware

Serpent is the fourth generation of the malware originally known as Zyklon. It was first rebranded as WildFire, then as Hades Locker, and now as Serpent. This ransomware typically spreads through spear-phishing emails containing a link to download the cryptolocker.

Spora ransomware

Spora ransomware has been active since the beginning of this year. It is typically distributed through spear-phishing and watering-hole attacks, but a recently discovered variant spreads through HoeflerText pop-ups on infected websites as part of the EITest campaigns.

Even though Spora ransomware is not new, its latest modification was blocked by only a limited number of anti-malware programs when it was first discovered. This is likely because the new build uses a polymorphic encryptor to create new copies of itself for further spreading, combined with extra code obfuscation. It also has a slightly changed payload.

Fight Ransomware

Whenever there’s a large-scale ransomware attack like WannaCry and EternalPetya, the number of infected computers reported by the media can be overwhelming. It’s easy to forget that there are thousands of individuals who need to rebuild their digital lives in the aftermath.

But hearing customers talk about how Acronis saved their data is a great reminder that our solutions help real people every day. Take yesterday’s email titled “How Acronis True Image 2017 NG proved to be a lifeguard.”

Cerber Ransomware

The well-known Cerber ransomware continues to be active this summer. The size of the cryptolocker varies between 244 and 292 KB, with the new builds spreading via spear-phishing email campaigns targeting enterprises. The latest Cerber ransomware easily bypasses traditional defenses: the analyzed Cerber sample (MD5: cfd2d6f189b04d42618007fc9c540352) was flagged as a suspicious malicious object by only nine of 64 antivirus engines on its first submission to VirusTotal. The low detection rate can be explained by the cryptolocker's use of a polymorphic encryptor and API call obfuscation to protect its copies from detection by antivirus products.


Petya Wiper

Remember that fast-moving cyberattack that slashed its way across the globe in late June? It turns out it wasn’t really ransomware but an even more malicious piece of malware called a “wiper” that left victims with no hope of getting their data back.

A new ransomware variant avoided detection by spreading through a spear-phishing email campaign as an obfuscated PowerShell script. Many traditional anti-malware solutions are not ready for the next generation of ransomware attacks. Acronis, however, has been very successful.

Protect from Industroyer

If you are interested in cybersecurity, you may remember Stuxnet, the infamous worm that stopped uranium enrichment plants in Iran back in 2010. It’s no longer a secret that it was an Israeli-American cyberweapon. Since then there have been many cases where critical infrastructure was attacked without any political motivation. One recent case is Industroyer, a mix of cyber weapon and ransomware-like products. We were contacted by our big OEM partners running process control systems, who asked about this threat and wondered whether our newest anti-ransomware technology, Acronis Active Protection™, could help. And guess what? Acronis Active Protection does help!

Petya Ransomware

The new Petya-like ransomware has just dealt a big blow to hundreds of banks, corporations, government organizations, post offices and shopping outlets around the world, spreading like wildfire by taking advantage of the EternalBlue exploit used by WannaCry ransomware only a few weeks before.

Petya, Petrwrap, EternalPetya — while the world is still deciding what to call this damaging ransomware worm, let’s pull it apart and see what it’s made of.

Petya Ransomware

Another fast-moving ransomware attack is tearing across the globe, striking a number of high-profile businesses, transportation networks, public utilities and government agencies in Europe and the United States.

The attack was initially focused in Ukraine and Russia. The National Bank of Ukraine saw ATMs across the country go down, and systems monitoring radiation at the former Chernobyl nuclear power plant were also affected. Russia’s largest oil company, Rosneft, was also hit.

Within hours the ransomware had spread in a manner reminiscent of last month’s WannaCry attack, victimizing the Copenhagen-based A.P. Moller-Maersk, the world’s largest container shipping company, and WPP in London, the world’s largest advertising agency, as well as entities in France and Spain.

It eventually hopped the Atlantic and landed in the United States.

The Story That I'm Almost Too Embarrassed to Share

Ransomware Example

One weekday not that long ago, things started out as a normal morning at work. Coffee, morning music, checking email and getting into the daily routine... until our phones suddenly started ringing off the hook and our email started blowing up. It happened quickly and all at once. Our Quality and Engineering departments were getting Windows error dialog boxes when trying to open Excel files from our shared network drives. It took a minute to figure out what was happening, but we soon noticed that many of the files on our shared drives had been renamed. We also noticed that besides not being able to open files, there were some new readme files in our shared folders. Reviewing the readme files and doing a quick Google search revealed that we'd been hit with ransomware.