Ransomware

Is the Coronavirus becoming an attack channel for ransomware?

March 30, 2020
Ransomware attacks happening under the name of Coronavirus

Estimated reading time: 3 minutes

Nowadays, everybody is aware of the term, ‘Novel Coronavirus.’ All over the world, 7.7 Billion people have gotten affected by Coronavirus directly or indirectly. It has impacted so badly that currently, entire mankind is frightened and worried about the future of their survival. As per sources, it originated in China...

Fake Coronavirus tracking app exploiting our fear and vulnerable social situation

March 20, 2020

Estimated reading time: 4 minutes

As the Coronavirus spreads across countries, creating fear across the globe, everybody wants to stay on top of any information related to it, wanting to remain safe and away from infected people. Malware authors are also taking advantage of this situation. Previously on the Android Play Store, there were many applications present which claimed...

Mailto Ransomware under the skin of explorer.exe

Estimated reading time: 5 minutes

All of us, at some point in time, must have heard the story of the wolf and the flock of sheep. The fooling trick used by the wicked wolf of pretending to be a sheep is still in use by many malware authors. They pretend to be genuine processes to achieve...

Ouroboros: Following A New Trend In Ransomware League

February 18, 2020

Estimated reading time: 5 minutes

Ransomware authors keep exploring new ways to test their strengths against various malware evasion techniques. The ransomware known as “Ouroboros” is intensifying its footprint in the field by bringing more and more advancements in its behaviour as it updates its version. This analysis describes the behaviour of version 6, few...

A Deep Dive Into Wakeup On Lan (WoL) Implementation of Ryuk

February 13, 2020

Estimated reading time: 5 minutes

Quick Heal Security Labs recently came across a variant of Ryuk ransomware which contains an additional feature of identifying and encrypting systems in a Local Area Network (LAN). This sample targets systems in the LAN that are in the sleep state as well as those that are online. This sample is packed with...

HorseDeal Riding on The Curveball!

February 5, 2020

Estimated reading time: 5 minutes

It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in the Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could...

First Node.js-based Ransomware: Nodera

January 22, 2020

Estimated reading time: 5 minutes

Recently, while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework-based ransomware, Nodera. The use of the Node.js framework is not commonly seen across malware families. The latest development by threat actors reveals a nasty and one-of-its-kind ransomware being created; one that uses the Node.js framework, which enables it to infect Windows...

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

January 15, 2020

Estimated reading time: 9 minutes

With almost 200 extensions, STOP (Djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year earlier, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data...

Ransomware As A Tool – LockerGoga

July 3, 2019

Estimated reading time: 5 minutes

Ransomware authors keep experimenting with the development of payloads in various dimensions. In the timeline of ransomware implementations, we have seen its evolution from a simple screen locker to a multi-component model for file encryption, from a novice approach to a sophisticated one. Ransomware as a Tool has evolved in the wild...

JCry – A Ransomware written in Golang!

April 9, 2019

Estimated reading time: 4 minutes

For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Golang. Malware authors are finding it easier to write ransomware in Golang than in traditional programming languages. Infection by JCry ransomware starts with a compromised website. As...