Today Malwarebytes released their latest security offering, called Malwarebytes Anti-Ransomware. Malwarebytes Anti-Ransomware, or MBARW for short, is currently in beta and is a small utility that runs in the background while quietly monitoring the computer for behavior associated with file-encrypting ransomware.
In a post on the BleepingComputer.com forums, the developer of the Magic Ransomware infection is blackmailing the author of the open source Hidden Tear and EDA2 Ransomware Project. The malware developer's demands are simple: take down the Hidden Tear project or their Magic ransomware's victims lose their keys forever.
A new ransomware has been discovered that utilizes the open source ransomware kit called eda2. This ransomware will encrypt your data with AES encryption, append the .magic extension to encrypted files, and then demand 1 bitcoin to decrypt your data.
Now that TeslaCrypt 3.0 has been released and the malware developer has fixed a flaw in his program, we are releasing information on how to decrypt files encrypted by earlier variants. This article explains how volunteers cracked TeslaCrypt's encryption key storage algorithm to help people recover their files for free.
Apple released security updates today for Safari, OS X, and iOS that resolve critical vulnerabilities that could lead to remote code execution. Remote code execution vulnerabilities allow an attacker to create specially crafted web sites or files that could allow the attacker to execute commands and programs on vulnerable platforms.
Today Microsoft and Adobe both released updates for numerous critical remote code execution vulnerabilities in their products. It is strongly advised that every Windows, Adobe Acrobat, and Adobe Reader user install these updates immediately.
The TeslaCrypt developers release version 3.0 of their ransomware infection, which includes a modified encryption algorithm and the .XXX extension for encrypted files.
A security update has been released for QuickTime that resolves numerous remote code execution and application termination vulnerabilities. QuickTime 7.7.9 has been released to fix these vulnerabilities and all users are advised to install it immediately.
A security advisory has been released by VMware for a Windows-based guest privilege escalation vulnerability that affects VMware ESXi, Fusion, Player, and Workstation. It is suggested that all users of these products upgrade to the latest patch immediately.
A new ransomware has been spotted called CryptoJoker that encrypts your data with AES-256 encryption and then demands a ransom to recover your files.
With file-encrypting ransomware on the rise, everyone needs to learn tips and tricks on how to protect themselves or mitigate the damage done by these infections. In this article we discuss a tip where Windows alerts you in a not-so-obvious way that something is not right.
The developer of the Radamant Ransomware Kit does not appear to be happy with Fabian Wosar and Emsisoft for the releases of decrypters that allow victims to recover their files for free. This displeasure is being shown in the names of their C2 servers and strings in the malware executable.
It has been discovered that the Radamant Ransomware Kit has been for sale on underground malware and exploit sites for almost three weeks. This kit is a full turn-key solution that allows any budding criminal to distribute their own ransomware.
On Christmas Day, due to configuration on Steam's servers, visitors were able to view cached pages of other users' accounts. This allowed them to see account details such as email addresses, mailing addresses, and other private information.
The latest release of TeslaCrypt still refers to itself as version 2.2.0, but there are still some minor changes compared to the last release. These changes include minor differences in the ransom note and a different file header for the encrypted files.
Microsoft announced Monday that they will no longer tolerate adware that utilizes man-in-the-middle attacks to inject advertisements into web browsers. These techniques do not use the browser's normal extensibility model and thus remove the choice from the end user.
Last week we wrote about a new ransomware called the Radamant Ransomware Kit that was encrypting files and adding the .RDM extension. Fabian Wosar, of Emsisoft, further analyzed the infection and was able to find a weakness in the encryption algorithm so that victims can recover their files for free.
A new ransomware is in the wild that has been dubbed Gomasom (GOogle MAil ranSOM) by Fabian Wosar of Emsisoft due to its use of Gmail email addresses in the encrypted file names. This ransomware is particularly destructive as it will not only encrypt data files but will also encrypt executables.