MrB Ransomware (.mrB Files) – Analysis & File Decryption

MrB is a new ransomware sample. Remove it before recovering the files

MrB ransomware is a new Dharma ransomware sample, discovered on February 21, 2024. It is distinctive for the long composite extension it appends to encrypted files, which ends with “.mrB”. This ransomware primarily attacks small businesses and demands a ransom only for decrypting the files, i.e. it does not practice double extortion. Jakub Kroustek was… Continue reading MrB Ransomware (.mrB Files) – Analysis & File Decryption

LockBit Ransomware Taken Down by NCA

LockBit was considered the toughest nut to crack, but then law enforcement pulled out a nutcracker

On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such takedowns now appears on all of LockBit's web assets. There is real hope for the release of decryption keys and even a… Continue reading LockBit Ransomware Taken Down by NCA

SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal

New Dharma sample encrypts user files and adds .SYSDF extension to them

SYSDF is a ransomware-type program that belongs to the Dharma malware family. Such malware targets mainly small companies, encrypting their files and then demanding a ransom payment for decryption. It was originally discovered by Jakub Kroustek on February 16, 2024. What is SYSDF Ransomware? SYSDF ransomware is yet another example… Continue reading SYSDF Ransomware (.SYSDF Files) – Malware Analysis & Removal
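The composite extension that Dharma samples such as SYSDF and MrB append to each file can be parsed mechanically during triage, which tells you at a glance which victim id and contact address a listing belongs to. The Python below is an added example, not code from the original page or from the researchers mentioned; it assumes the usual Dharma layout of `<original name>.id-<8 hex>.[<contact>].<suffix>`, which the page itself does not spell out, and every file name in it is constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Assumed Dharma-style layout (an assumption, not quoted from the page):
#   <original name>.id-<8 hex chars>.[<attacker contact>].<family suffix>
# e.g. report.docx.id-1A2B3C4D.[restore@example.test].SYSDF
DHARMA_NAME_RE = re.compile(
    r"""^(?P<original>.+?)                 # file name before the marker was appended
        \.id-(?P<victim_id>[0-9A-Fa-f]{8})  # per-victim id embedded in every name
        \.\[(?P<contact>[^\]]+)\]           # attacker contact address in square brackets
        \.(?P<suffix>[A-Za-z0-9]+)$         # family-specific suffix, e.g. SYSDF or mrB
    """,
    re.VERBOSE,
)


def parse_dharma_name(name: str) -> Optional[Dict[str, str]]:
    """Split an encrypted file name into its parts, or return None for a non-matching name."""
    m = DHARMA_NAME_RE.match(name)
    return m.groupdict() if m else None


def triage(names: List[str]) -> Dict[Tuple[str, str, str], List[str]]:
    """Group matching names by (suffix, victim id, contact).

    One infection normally yields a single key, so several keys in one listing
    mean more than one sample (or more than one victim id) touched the files.
    """
    groups: Dict[Tuple[str, str, str], List[str]] = defaultdict(list)
    for name in names:
        parts = parse_dharma_name(name)
        if parts is None:
            continue  # untouched file, or a different family
        key = (parts["suffix"], parts["victim_id"], parts["contact"])
        groups[key].append(parts["original"])
    return dict(groups)


# Constructed sample listing, not real victim data
SAMPLE_LISTING = [
    "report.docx.id-1A2B3C4D.[restore@example.test].SYSDF",
    "budget.xlsx.id-1A2B3C4D.[restore@example.test].SYSDF",
    "photo.jpg.id-9F9F9F9F.[unlock@example.test].mrB",
    "notes.txt",                    # not encrypted
    "archive.id-XYZ.[x].SYSDF",     # malformed victim id, ignored
]

if __name__ == "__main__":
    for (suffix, victim_id, contact), files in triage(SAMPLE_LISTING).items():
        print(f"{suffix}: id={victim_id} contact={contact} files={files}")
```

The `original` group is lazy on purpose: file names that themselves contain dots (`report.docx`) stay intact, and the parser only commits once it sees the `.id-` marker followed by exactly eight hex digits.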

White Phoenix Decryptor by CyberArk Updated With Web Interface

A rare decryptor that covers a selection of ransomware families is now available online

CyberArk has released an online version of its file decryptor. This is a simplified, web-based version of the “White Phoenix” decryptor, which was initially available only as source code on GitHub. White Phoenix Decryptor by CyberArk Goes Online CyberArk, a public information security company that previously developed the White Phoenix decryptor, has recently published a simplified web… Continue reading White Phoenix Decryptor by CyberArk Updated With Web Interface

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

Kasseika ransomware uses a vulnerable antivirus driver to shut down security solutions on the attacked system

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group or by experienced ransomware actors who purchased its code. Kasseika Ransomware Deploys BYOVD Attacks A new ransomware operation known as “Kasseika” has recently been discovered. This… Continue reading Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

LockBit Ransomware Uses Resume Word Files to Spread

The LockBit ransomware group is back to using Word files to distribute its payload.

A recent investigation by ASEC reveals new tactics of the infamous LockBit ransomware. The self-styled “post-paid pentesters” have started disguising the payload as innocuous résumés in Word documents. Ironically, this tactic mirrors the group's past modus operandi. It allows the ransomware to infiltrate systems unnoticed. LockBit Ransomware in action The LockBit ransomware, known for its… Continue reading LockBit Ransomware Uses Resume Word Files to Spread

Tortilla (Babuk) Ransomware Decryptor Available

Cisco Talos and Avast Threat Labs developed a decryptor for Tortilla ransomware

On January 9, 2024, Avast and Cisco Talos announced the release of a free decryptor for one of the Babuk ransomware variants, Tortilla. Analysts assure that all victims of that threat actor can use the decryptor to get their files back. That is the second ransomware strain to get a decryptor in… Continue reading Tortilla (Babuk) Ransomware Decryptor Available

Black Basta Ransomware Free Decryptor Available

It is now possible to decrypt files affected by Black Basta ransomware, specifically by its variants from November 2022 to December 2023

SRLabs researchers published a free decryptor for Black Basta ransomware. They discovered a flaw in the way the malware handles the encryption process and found a way to recover the encryption key and get the files back. The decryptor is called Black Basta Buster and is available for free on the researchers' GitHub page. Black Basta Decryptor… Continue reading Black Basta Ransomware Free Decryptor Available
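Decryptors like this one usually exploit a mistake in how the malware generates or applies its keystream rather than breaking the cipher itself. The Python below is an added example of the general class of flaw, keystream reuse against known plaintext, and is not SRLabs' tool or Black Basta's actual routine: the toy cipher, the 64-byte block size and the sample file are all constructed for illustration.

```python
import hashlib
from collections import Counter

BLOCK = 64  # toy keystream length; not taken from the real malware


def xor_stream(data: bytes, keystream: bytes) -> bytes:
    """Flawed stream cipher: every BLOCK-byte block is XORed with the SAME keystream.

    Because XOR is its own inverse, this function both encrypts and decrypts.
    A correct stream cipher never reuses keystream bytes within a file.
    """
    if len(keystream) != BLOCK:
        raise ValueError("keystream must be exactly BLOCK bytes")
    out = bytearray(data)
    for i in range(len(out)):
        out[i] ^= keystream[i % BLOCK]
    return bytes(out)


def recover_keystream(ciphertext: bytes, min_repeats: int = 2) -> bytes:
    """Recover the reused keystream from ciphertext alone, using known plaintext.

    Many real file formats contain runs of zero bytes (padding, sparse regions).
    A block of zeros XORed with the keystream IS the keystream, and because the
    keystream is reused, every such block yields the same ciphertext block. The
    most frequent block-aligned ciphertext block is therefore the keystream.
    """
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext) - BLOCK + 1, BLOCK)]
    if not blocks:
        raise ValueError("ciphertext shorter than one block")
    candidate, count = Counter(blocks).most_common(1)[0]
    if count < min_repeats:
        raise ValueError("no repeated block; file probably lacks zero-filled regions")
    return candidate


def demo() -> bool:
    """Encrypt a constructed file, recover the keystream, and verify the round trip."""
    # Constructed plaintext: short header, 256 zero bytes of 'padding', then unique bytes.
    plaintext = b"CONSTRUCTED-SAMPLE-HEADER\n" + b"\x00" * 256 + bytes(range(256))
    # Deterministic toy keystream so the demo is reproducible; real samples use random keys.
    keystream = hashlib.sha512(b"constructed demo key").digest()  # 64 bytes
    ciphertext = xor_stream(plaintext, keystream)

    recovered = recover_keystream(ciphertext)
    return recovered == keystream and xor_stream(ciphertext, recovered) == plaintext


if __name__ == "__main__":
    print("round trip ok" if demo() else "recovery failed")
```

The practical consequence, and the reason such tools carry a "works for files larger than X" caveat, is visible in `recover_keystream`: a file with no zero-filled aligned block gives the attacker's keystream no chance to leak, so the heuristic refuses rather than guessing.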

What are Remote Encryption Attacks? Explanation & Mitigation

Hackers found a straightforward yet effective way to circumvent security

The digital world is seeing a surge in remote encryption attacks, a sophisticated form of ransomware attack. Although there is nothing new in this technique, it is like a YouTube video uploaded ten years ago that is only now gaining recommendations. In this article, we'll look at the intricacies, evolution, and effective countermeasures of these attacks.… Continue reading What are Remote Encryption Attacks? Explanation & Mitigation
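A remote encryption attack runs the ransomware on one compromised machine and has it encrypt files that other machines expose over network shares, so endpoint protection on the file servers never sees an encrypting process. The Python below is an added example of a server-side detection heuristic and is not code from the original article: it assumes file-share audit records reduced to (time, client IP, server, path, operation) tuples, and the events it runs over are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class FileEvent:
    """One file-share audit record, reduced to the fields the heuristic needs (assumed schema)."""
    ts: float      # seconds since epoch
    client: str    # IP address of the SMB client that issued the request
    server: str    # file server hosting the share
    path: str      # path of the file on that share (new name for a rename)
    op: str        # "write" or "rename"


def detect_remote_encryption(
    events: Iterable[FileEvent],
    window: float = 60.0,
    min_files: int = 20,
) -> Dict[str, Tuple[int, int]]:
    """Flag clients that modified >= min_files distinct files within any `window` seconds.

    Returns {client_ip: (distinct_files, distinct_servers)}, reporting the largest
    burst seen for each flagged client. A mass write/rename burst from a single
    client is the signature of a remote encryptor, which the file server itself
    cannot attribute to any local process; the server count shows how far the
    client has reached across the estate.
    """
    by_client: Dict[str, List[FileEvent]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.op in ("write", "rename"):
            by_client[e.client].append(e)

    alerts: Dict[str, Tuple[int, int]] = {}
    for client, evs in by_client.items():
        recent: deque = deque()
        best = (0, 0)
        for e in evs:
            recent.append(e)
            # drop events that fell out of the sliding window
            while recent and e.ts - recent[0].ts > window:
                recent.popleft()
            files = {(x.server, x.path) for x in recent}
            if len(files) >= min_files:
                servers = {x.server for x in recent}
                best = max(best, (len(files), len(servers)))
        if best[0]:
            alerts[client] = best
    return alerts


def constructed_events() -> List[FileEvent]:
    """Constructed sample: one client mass-renames files on two servers in 15 s, another edits 3 files over an hour."""
    evs: List[FileEvent] = []
    for i in range(30):  # attacker's foothold host 10.0.0.7 encrypting over SMB
        server = "fs1" if i < 15 else "fs2"
        evs.append(FileEvent(1000.0 + i * 0.5, "10.0.0.7", server, f"/share/doc{i}.docx", "write"))
        evs.append(FileEvent(1000.0 + i * 0.5 + 0.1, "10.0.0.7", server, f"/share/doc{i}.docx.locked", "rename"))
    for i in range(3):   # ordinary user saving a few files over an hour
        evs.append(FileEvent(1000.0 + i * 1200, "10.0.0.20", "fs1", f"/share/report{i}.xlsx", "write"))
    return evs


if __name__ == "__main__":
    for client, (n_files, n_servers) in detect_remote_encryption(constructed_events()).items():
        print(f"ALERT client={client} files={n_files} servers={n_servers}")
```

The thresholds are deliberately parameters: a backup agent or a bulk import will also touch many files quickly, so in practice `min_files` and `window` are tuned per share, and the alert is a trigger for blocking the client's sessions at the file server, not proof on its own.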

ALPHV Site Taken Down by the FBI

One of the ALPHV group's sites is taken down by the FBI

On December 19, 2023, one of the ALPHV/BlackCat ransomware sites was taken down by the FBI. The typical FBI banner now decorates its main page, while the gang's other sites are still online. This event is possibly related to the five-day downtime of all of the gang’s Darknet infrastructure a week earlier. ALPHV/BlackCat Ransomware Site… Continue reading ALPHV Site Taken Down by the FBI