Blog

Encryption

Data Breach – Understanding the severity of it

 July 15, 2020

Estimated reading time: 2 minutes

A data breach is a security gap in which information or data is accessed or stolen without authorization. It is a breach of trust between the owner of the data and the party that accesses it without consent. To put it in simpler terms it a nonconsensual usage of someone’s...

Ouroboros: Following A New Trend In Ransomware League

 February 18, 2020

Estimated reading time: 5 minutes

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behavior as it updates its version. This analysis provides the behaviour of version 6, few...

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

 February 13, 2020

Estimated reading time: 5 minutes

Quick Heal Security Labs recently came across a variant of Ryuk Ransomware which contains an additional feature of identifying and encrypting systems in a Local Area Network (LAN). This sample targets the systems which are present in sleep as well as the online state in the LAN. This sample is packed with...

HorseDeal Riding on The Curveball!

 February 5, 2020

Estimated reading time: 5 minutes

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could...

Ako Ransomware targeting businesses using RaaS

 January 24, 2020

Estimated reading time: 5 minutes

Ako Ransomware targeting businesses using RaaS Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service) which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is...

First Node.js-based Ransomware : Nodera

 January 22, 2020

Estimated reading time: 5 minutes

Recently while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework based Nodera ransomware. The use of Node.js framework is not seen commonly across malware families. Latest development by threat actors reveal a nasty and one-of-its-kind ransomware being created; one that uses Node.js framework, which enables it to infect Windows...

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

 January 15, 2020

Estimated reading time: 9 minutes

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data...

MegaCortex Returns…

 July 30, 2019

Estimated reading time: 5 minutes

MegaCortex, a ransomware which was first spotted in January this year, has become active again and has changed the way it previously attacked/targeted the corporate world. In order to simplify its execution and increase its scale of operation, it uses ‘Command Prompt’ instead of ‘PowerShell’ in current targeted campaign. Key...