How We Found Two New Ransomware Families and Built Their Decryptors

Ransomware is one of the most common and effective attack methods today, and it seems this trend isn’t going to change anytime soon. This past November, we found that ransomware attacks are surging, with our Global Threat Index showing that the number of ransomware attacks using Locky and Cryptowall increased by 10%. Today, Check Point’s Threat Intelligence Team reveals two new ransomware samples that were found in the wild, as well as the decryption solutions which can help victims retrieve their lost data free of charge. Check Point is an Associate Partner of the No More Ransom (NMR) project, which aims to fight back against the ransomware epidemic. As such, our new decryption ...

Check Point discovers three Zero-Day Vulnerabilities in web programming language PHP 7

PHP 7, the latest release of the popular web programming language that powers more than 80% of websites, offers great advantages for website owners and developers. These include doubling the performance and adding numerous functionalities. Yet for hackers, it represents a completely fresh attack vector, where they can find previously undisclosed vulnerabilities. During the past few months, we have analyzed PHP 7 and made it a priority to look into one of the most notoriously vulnerable areas of PHP: the unserialize mechanism. This is the same mechanism that was heavily exploited in PHP 5 and allowed hackers to compromise popular platforms such as Magento, vBulletin, Drupal, Joomla!, ...

No More Ransom! Check Point adds firepower to the global ransomware battle

If you didn’t know what ransomware was at the start of this year, chances are that you do now. It’s been the biggest cybersecurity story of 2016 for both businesses and consumers. Back in February, a Hollywood hospital was forced to pay $17,000 in bitcoin to get its systems back online after an attack; while over the Thanksgiving weekend, ransomware hit San Francisco's Muni Metro, forcing it to give passengers free rides. It has also been found to be spreading in malicious image files on Facebook and LinkedIn. What’s more, attacks targeting companies have trebled since January 2016. According to a new report, they have been reaching a frequency of one every 40 seconds, ...

Cloud Security Predictions and Trends

It’s that most wonderful time of the year – the time when I like to take a look back and reflect on what the year has been, as well as look forward and take a peek into next year. With the start of every new year we see many exciting new trends. But if the past is any indication, the security threat landscape will constantly change and present new challenges ahead. Looking into some of those trends and challenges is our Check Point security team. At the end of each year, they spend time imagining what the threat landscape might look like in the coming year. This gives us the opportunity to analyze the security trends we’ve followed over the past year, and it allows us to creatively ...

An In-depth Look at the Gooligan Malware Campaign

Check Point mobile threat researchers today published a technical report that provides deep technical analysis of the Gooligan Android malware campaign, which was first announced on November 30. The report discusses the ins and outs of how more than one million Google accounts were breached, potentially exposing messages, documents, photos, and other sensitive data. A new variant of the Android malware found by Check Point researchers in the SnapPea app in 2015, Gooligan roots devices and steals email addresses and authentication tokens stored on the device. With this information, an attacker can access a user's Google account data within Google Play, Google Photos, Gmail, Google ...

Ransomware Attacks Spike Globally in November’s ‘Most Wanted’ Malware List

Ransomware attacks continued to rise worldwide during November, according to the latest monthly Global Threat Index from Check Point’s Threat Intelligence Research Team. Ransomware attacks using the Locky and Cryptowall variants both increased by 10% in November from the previous month. The research team found that both the number of active malware families and the number of attacks remained close to an all-time high, as the number of attacks on business networks continued to be relentless. For the first time, the Locky ransomware was the No. 1 malware family in the largest number of countries (34 worldwide), compared to Conficker, which was the top malware in 28 countries, ...

The Internet of ransomware Things

San Francisco’s Municipal Railway (MUNI) riders got to ride for free over the last weekend (Nov 25th-26th), after what appears to be a ransomware attack hit the agency’s payment system. The alleged attack sought $73,000 in ransom for stolen city data. “Personal information of MUNI customers were not compromised as part of this incident,” Paul Rose, a spokesperson for the San Francisco Municipal Transit Authority (SFMTA), said Monday. “We’ve never considered paying the ransom,” he added, “because we have in-house staff capable of recovering all systems, and we’re doing that now.” Despite Rose’s guarantee, the alleged malware attacker issued a new threat to MUNI via news ...

Check Point vSEC Achieves AWS Security Competency

Check Point has attained Amazon Web Services (AWS) Security Competency. This shines a light on Check Point’s expertise in delivering advanced threat prevention security to help protect customer data and workloads in the AWS Cloud. vSEC for AWS provides consolidated and consistent security policy management, enforcement and reporting across on-premise and cloud workloads, making migration to the AWS cloud painless. “The AWS Security Competency Program is designed to help customers easily discover and quickly deploy the product solutions that offer the best fit for their unique project workloads,” said Tim Jefferson, global ecosystem lead, security, Amazon Web Services, Inc. “We are ...

Two Thanksgiving Presents from the Leading Ransomware

Cerber and Locky, the two most popular ransomware families out there, have simultaneously launched new variants into the wild. The newly released ransomware versions introduce slight, yet very interesting, changes that may affect the way they are detected.

CERBER 5.0 Uses New IP Ranges as well as Old Ones

The actors behind Cerber, like other actors in the ransomware industry, innovate on a daily basis. Only yesterday (November 23rd, 2016) a new version of Cerber was released (4.1.6); however, no prominent changes were noticeable in it. Less than 24 hours later, Cerber released the new version, 5.0, which is described in this article. A notable change introduced in this Cerber version is ...