Malware News and Trends

David Balaban



Latest Blogs from David Balaban
The .wallet file extension has been trending in cybercriminal circles for months. Crooks are fond of having their malicious code tag encrypted data with that string. The motivation is quite clear: extortion is all about money. Cryptocurrency, Bitcoin wallets – the logical tra...
Present-day malware is groundbreaking enough to slip under the radar of traditional defenses. Cybercriminals have plenty of time and resources to test their perpetrating code extensively. The malicious code can then potentially circumvent regular detection mechanisms and raise no red f...
YouTube is the 1st place you’ll refer to when you want to find a video to watch. It hosts a great number of videos of any kind: music clips, cartoons, how-to’s, free movies, and many more. Some years ago when YouTube appeared on the Net, the service was completely ad-free. Then the com...
ShieldApps Ransomware Defender adds a rock-solid layer of protection against ransomware to detect and lock down all known and new file-encrypting threats. As the ransomware epidemic is going on a rampage, there is no computer completely immune to crypto-backed onslaughts...
This timeline fully reflects the state of the ransomware ecosystem over the period of May – December 2016. For your convenience, the entries are intuitively split up by the following categories: new ransomware released; existing ransomware updated; free decryptors created; and ot...
This is a comprehensive report on ransomware-related events covering a time frame of May – December 2016. The incidents herein are visually broken down into categories, including new ransomware, updates of existing strains, decryptors released, and other noteworthy news. Security...
A brand-new iteration of the deleterious Locky ransomware is out. Expert reports about the update started to appear on December 5, which is almost a fortnight after the ZZZZZ precursor surfaced. The latest tweak means that the files affected by Locky will now have the .osiris extension...
Privacy-PC is officially opening the Christmas shopping season with a fantastic deal. With the featured promotion in store for our esteemed visitors, Black Friday 2016 couldn’t possibly get any more secure. Ready? Here we go! Get up to 60% off on the award-winning Bitdefender products ...
There are so many benefits to using a VPN service when browsing the Internet, it shocks me that so many people do without. If you’re one of those wondering whether you should sign up with a VPN provider, let me convince you to do so with the following five reasons – I’m confident they’...
As the recent Thor ransomware release has demonstrated, the threat actors in charge are adding a fair degree of incoherence to the average time span between different variants of the Locky crypto epidemic. Whereas the timing used to be on the order of three months, it took the bad guys...
Finally, John Bambenek and Lance James touch upon Operation Tovar, which ended the CryptoLocker campaign, and dwell on the lessons learned from this whole incident. John Bambenek: Operation Tovar, going on to takedown (see right-hand image). Law enforcement agencies of 13 countries and lots ...
Recovering various types of deleted data is fast, easy and effective with Recuva by Piriform. Recuva, a lightweight freeware applet by Piriform, is one of the world’s most effective solutions aimed at reviving deleted data. The usefulness of file recovery tools revolv...
The security experts keep on providing CryptoLocker facts that they were able to discover, including HUMINT details, victim communication and HDD forensics. Lance James: We’re also sending a message quickly, and we need to keep that message going. You even saw the FBI has been doing it...
As part of their story on CryptoLocker analysis, John Bambenek and Lance James dwell on the methodology of tracking the ransomware via payments and DGA. John Bambenek: So, taking a look at CryptoLocker. A lot of this was a study in contradictions, because there were indicators that did...
HitmanPro.Alert 3.5 with CryptoGuard bridges the security gap in 0day and ransomware attack scenarios. While the world’s largest antimalware labs are at their wit’s end trying to contrive a solution that would efficiently combat crypto ransomware, the Dutch company call...
The experts shift their focus over to CryptoLocker attack mitigation and touch upon the cooperation of law enforcement and security industry on this case. John Bambenek: So, a little bit of recovery and defenses (see right-hand image). A lot of this is best practice stuff. If you get y...
As the presentation continues, the researchers share their findings on the uniqueness of CryptoLocker ransomware and the reasons it was such a viable threat. John Bambenek: In August 2013, CryptoLocker appears. I get a call from one of my clients – that’s how I first found it – from a ...
Security experts Lance James and John Bambenek tell the Black Hat USA audience how they got together on the CryptoLocker ransomware case and how it went. Black Hat USA host: With no further ado, I will introduce our speakers today. We have John Bambenek and Lance James. Lance James: So...
Cybercriminals keep on devising intricate instruments in pursuit of a more efficient online extortion. Compared to the myriads of crypto ransomware floating around the worldwide web these days, the one named Cerber appears to be more advanced as it accommodates a few out-of-the-ordinar...
The victims of ransom Trojans incur a great deal of damage because the thing at stake is their personal data. The indicators of compromise when it comes to ransomware are rather straightforward. These malicious programs don’t conceal the impact they inflict on users, displaying ste...
Crypto ransomware programs come and go, but the idea of online extortion stays and perseveres with its progress. Having vanished from the antimalware radars for a while, the sample called Locky recently reappeared with a number of new features. Researchers consider the latest spike in ...
Ransom Trojans have evolved over time. The newer variants target files on a computer’s local drives, network shares and cloud paths alike. It's been years since it became obvious that crypto isn't necessarily usable for benign purposes only. Back in the day, a variety of data encrypt...
Lastline Labs’ Engin Kirda now describes the encryption, deletion and locking mechanisms leveraged by ransomware and also focuses on mitigation techniques. So what are the attack payloads? Encryption, of course, is a popular thing. About 5% of the samples that we actually looked at wer...
The evolution of ransomware code and behavior since the emergence of these hoaxes up till the present day is what Engin Kirda covers in this part of his talk. So how has ransomware evolved over the years? Well, the ransomware concept actually dates back to the end of the 80s – the begi...
Engin Kirda, the co-founder of Lastline Labs, took the floor at Black Hat USA to give a retrospective view of ransomware and analyze its present-day flaws. Hi! Good afternoon everyone. Thanks for showing up. I have the pleasure of having the last session. Hopefully it’s not the curse o...
Zoz now stages experiments with high voltage as a method to demolish SSD drives and provides a general summary on destruction techniques that work the best. I have to go really fast now with electric. There aren’t too many things in there (see right-hand image). The goal was, you know,...
Having conducted enough experiments with the Munroe effect over shaped charges, Zoz decides to try diamond charges and a blast suppression technique. So I feel good about shaped charges, but there’s one other charge I wanted to try, which is a diamond charge (see right-hand image). The...
Courtesy of a neighboring bomb squad, Zoz gets the chance to play around with oil well perforators by utilizing them in his staged data demolition experiments. Alright, moving on, the bomb squad said to us “Oh, by the way, we have hundreds of these oil well perforators that we want to ...
Zoz continues his series of HDD destruction experiments as he gives annular and radial shaped charges a shot and tries the compression welding technique. The stearic acid turns out to be a really important component of this explosive. And if you don’t get that amount right, it doesn’t ...
This part of Zoz’ research is a 101 on HDD demolition through physical damage rather than heat, so find out what techniques he leveraged and how it all went. Alright, moving on to part 2 – kinetic (see right-hand image). The goal here was to deform, spindle, mutilate the drive, basical...
Security analysts mostly deal with ransomware attacks deployed through exploits, booby-trapped email attachments, or Microsoft Office loopholes occurring when users are tricked into enabling macros. A series of recent onslaughts, however, stands out from the crowd because the offenders ...
As Zoz keeps experimenting with thermal methods to completely ruin HDDs, he tries more substances based on thermite and draws some interesting conclusions. So alright, I wasn’t ready to give up yet. I know that in military thermite grenades they actually don’t use straight thermite – t...
Having highlighted the goals and rules for the research, Zoz demonstrates HDD destruction attempts via a couple of thermal methods, including oxygen injection. So method number one, the good old plasma cutter (watch video below). Starting off keeping things simple. I had used plasma cu...
This DEF CON 23 presentation by Dr. Andrew ‘Zoz’ Brooks turned out to be a blast, so read about the ways to destroy data on hard disks, and don’t try this at home. Hello DEF CON! I’m actually going to break with tradition this time and start one minute early, because I have so mu...
This is the final part of Black Hat USA presentation by Charlie Miller and Chris Valasek, where they show a few demos of what can be done to a car remotely. Charlie Miller: We figured out eventually how to do that. Chris Valasek: These are the Lua scripts that we would use to actually ...
The researchers continue looking into the vehicle attack workflow and examine cyber physical internals as well as the checksums to be able to control the Jeep. Chris Valasek: Let’s go through, very simply, how this works. You get on a cell network. You have your cell phone, you have yo...
Charlie and Chris venture to reach a new level of vehicle compromise by exploiting the V850 microcontroller’s firmware to remotely issue arbitrary commands. Charlie Miller: So far in this story, we could only play with your radio. It’s kind of cool, but not super-cool. Chris Valasek: W...