Sunday, 29 September 2019

GermanWiper: One More Wiper Pretending to Be Ransomware


GermanWiper was first seen on the BleepingComputer forum on July 30, 2019. After analysis, it turned out that the malware is a wiper rather than ransomware. Interestingly, GermanWiper managed to raise $9,000, almost reaching the $10,500 (4.13528947 BTC) earned by another wiper, NotPetya, in June 2017. Let us take a close look at the ransomware to examine its installation process, communication details, and wiping details.

Tuesday, 27 August 2019

Anti-Cryptojacking Test - July 2019



Cryptojacking or malicious cryptomining is a new type of threat that can be described as the unsolicited use of a user’s computing device to mine cryptocurrency. There are two types of cryptojacking attack: general-purpose and targeted.

Saturday, 23 March 2019

Analysis of LockerGoga Ransomware


Norsk Hydro back in 1905. 
Source: https://commons.wikimedia.org/wiki/File:Rjukan_fabrikker_-_Norsk_Hydro.jpg

This week BleepingComputer reported that LockerGoga ransomware was allegedly responsible for disrupting Norsk Hydro's IT control system and forcing the Norwegian industrial giant to switch to manual operation mode. Later, according to Motherboard, this ransomware disrupted the IT services of two more companies, the US chemical companies Hexion and Momentive. Thus, it seems that the attackers behind LockerGoga target critical infrastructure, and that the companies mentioned above are not the only victims of the ransomware so far. Below, we provide a detailed analysis of the ransomware's encryption process.