Jul 02

Worrisome Locky Ransomware Variant Zepto is Making The Rounds

Source: bitcoin

There is a new form of Bitcoin ransomware on the block, going by the name of Zepto. At its core, this is a different variant of the Locky malware, which has been making the rounds for quite some time now. Security researchers detected a spike in the distribution of this new ransomware. As one would expect, Internet criminals are using spam emails to distribute this payload.

Bitcoin ransomware has proven to be a very lucrative business, assuming one can distribute the malware on a large scale. Spam emails are a preferred method of distribution, as it allows criminals to reach a lot of potential targets with little effort. Security researchers detected a spike in Zepto distribution as of June 27.

Zepto Ransomware Arrives On The Scene

What makes Zepto so interesting is that it shares similarities with Locky. The latter malware has been causing a lot of headaches for individuals and enterprises around the world. While there are obvious similarities between the two strains, there is something different about Zepto. Security researchers are trying to figure out how to classify this new type of malware.

On June 27, over 137,000 spam messages were sent out, all of which contained the Zepto payload. Malicious attachments in emails are an effective way to distribute malicious code. Even though there have been plenty of warnings regarding downloading email attachments, the potential for infection remains very high.

Specific aspects of this ransomware make it appear very similar to Locky. Both types use the same type of RSA encryption keys, they leave similar file types behind, and the ransom text is nearly identical. Despite these similarities, the new kind of ransomware is far from ineffective.

Cisco Talos Sr Technical Leader Craig Williams explained the threat as follows:

“If Zepto sticks with this attack vector it may never become a serious threat. However, it’s very likely Zepto moves into exploit kits as time goes on. A move by Zepto to malvertising, for example, could get bad very fast.”

Ransomware developers have stepped up their game in recent months, by continuously improving their malicious software. Security researchers are concerned Zepto has the potential to infect thousands of users in the coming weeks. So far, over 3,300 unique samples of the malware have been identified, which is a rather staggering number.

What are your thoughts on yet another new form of ransomware? Let us know in the comments below!

Source: Cisco Talos

Images courtesy of Shutterstock, Cisco Talos

The post Worrisome Locky Ransomware Variant Zepto is Making The Rounds appeared first on Bitcoinist.net.

Jun 18

Symantec Report Indicates End of Locky Ransomware Threat

Source: bitcoin

Although malware threats and exploit kits are a significant threat to our society, various types are showing a decrease in activity. Angler, Locky, and Dridex are the three top categories which see less interest all of a sudden. For now, it remains unclear as to why this decrease is taking place, although it is possible criminals are turning toward new solutions.

Ransomware and malware have been the top two threats since 2015. Many institutions and consumers have fallen victim to these threats, but it looks like Dridex and Locky are slowing down regarding usage. Moreover, the Angler exploit kit, which is often used to deliver these two types of malicious software, is losing popularity as well.

Locky Ransomware On The Way Out

According to a recent survey by Symantec, all of these three groups have all but ceased operating. Some of the other significant threats affecting customers and enterprises are also scaling back their activity. That being said, it is not unlikely that other types of malware and ransomware will start seeing an increase in popularity over the next few months.

The decrease in Locky activity is quite noteworthy, as the ransomware was showing significant success a few weeks ago. However, over the past two weeks, nearly no activity has been noted by Symantec. Whether this is due to a disruption in their operations, or just a business decision to scale back, is unknown at this time.

Dridex and Angler Are Losing Ground

Dridex, one of the leading types of financial fraud Trojans, has seen its presence drop to near zero over the past month. That being said, the malware is still roaming in the wild, albeit far less frequently than before. Moreover, some of the botnets associated with spreading the Dridex banking malware are still in operation to this very day. It also appears as if Word macro downloaders are still delivering Dridex through email spam campaigns.

But the biggest shock comes in the form of the Angler exploit kit showing a significant decrease in usage. For quite some time, this toolset has been a fan favorite among internet criminals. It is worth noting that, ever since CryptXXX started showing a decrease in activity, so did the Angler exploit kit. Other types of exploit kits are showing similar results, which may indicate internet criminals will look for different tools to wreak havoc on computers and networks.

What are your thoughts on this Symantec report? Let us know in the comments below!

Source: Symantec

Images courtesy of Symantec, Shutterstock

The post Symantec Report Indicates End of Locky Ransomware Threat appeared first on Bitcoinist.net.

May 18

Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware

Source: bitcoin

Cyber security is on the minds of everybody in the technology world these days, yet hackers and internet criminals seem to be outsmarting the masses yet again. One particular cyber criminal syndicate is using malware-as-a-service through the Nuclear exploit kit.

Malware-as-a-service Is A Thing Now

Everything is being turned into some “as-a-service” model, whether it is technology, the blockchain, or in this case, malware. A syndicate of cyber criminals is using the Nuclear exploit kit to spread malware worldwide, and they control a total of fifteen active control panels. Up until now, no one has any idea as to who is behind this “business model”, although there are indicators Russian hackers are involved.

Check Point, a security research team, recently uncovered how the malware-as-a-service business model brings in roughly US$100,000 a month in revenue. That is a rather staggering amount, which goes to show how much interest there is by internet criminals to infect computers around the world with malware and ransomware.

By using these 15 Nuclear control panels, the malware-as-a-service providers infected nearly two million devices last month. Although the success rate was only 9.95%, that still leaves over 184,000 machines infected with malware. This number does not come as a complete surprise either, as exploit kits facilitate the execution of ransomware and banking Trojans remotely.

What makes the malware-as-a-service business model so dangerous is how cyber criminals help other malicious individuals attack unsuspecting users. Nuclear has been one of the top exploit kits for quite some time now, and it looks like this trend will continue for the foreseeable future.  

However, it is important to note this entire malware-as-a-service business model has a critical flaw, as there is a central point of failure. The master server for all of these portals is controlled by the service provider, which inserts a certain level of “trust among criminals”. If the service provider were arrested, law enforcement may be able to shut down all of the other portals.

Check Point also reports that ransomware is the dominant payload for this malware-as-a-service business model. Their statistics indicate close to 110,000 Locky droppers have been sent out, leading to US$12.7m in financial losses for victims. However, it appears some of the Nuclear portals have already been shut down, according to the report, which is a rather surprising turn of events.

Are you concerned about the malware-as-a-service phenomenon? What can we expect from internet criminals in the future? Let us know in the comments below!

Source: Check Point

Images courtesy of Shutterstock, Check Point

The post Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware appeared first on Bitcoinist.net.
