Ransomware– Not Only File Encryption

 
Ransomware is an ever-increasing threat worldwide, claiming new victims on a regular basis with no end in sight. While most ransomware families prevent the victims from accessing their documents, pictures, databases and other files by encrypting them and offering a decryption key in return for a ransom payment, others use different, but no less creative ways to extract payment from their victims. Here are some examples:    IoT ransomware Smart devices are known to be a soft spot targeted by threat actors for various purposes. In August 2016, security researchers demonstrated their ability to take control of a building’s thermostats and cause them to increase the temperature ...

Merry X-Mas Ransomware Decryption Tool

 
Merry X-Mas is a ransomware that was first spotted in the wild on January 3, 2017. Upon successful infection, the ransomware encrypts victims’ files and presents a “Merry Christmas” ransom note with a holiday-themed design and a demand for payment to regain access to the files. The malware was first distributed through a spam campaign which claimed to be from the Federal Trade Commission. When the victim clicked the link in the email, it caused a zipped file with the extension pdf.exe to download. Disguised as a legitimate PDF file, this was actually the Merry X-Mas dropper.   The malware’s second attack wave came a few days later on January 8, with a similar spam ...

Hancitor Makes First Appearance in Top Five ‘Most Wanted’ Malware in Check Point’s February Global Threat Impact Index

 
Hancitor has surged into the top five of our ‘most wanted’ malware families worldwide for the first time, according to the new February Global Threat Impact Index from our Threat Intelligence Research Team. The downloader, which installs malicious payloads such as Banking Trojans and ransomware on infected machines, climbed 22 places after more than tripling its global impact in the past month. Also known as Chanitor, Hancitor is usually delivered as a macro-enabled Office document in phishing emails with "important" messages such as voicemails, faxes or invoices. The index ranked Kelihos, a botnet used in spam campaigns, as the most prevalent malware family overall, with 12% of ...

2016 H2 Global and Regional Threat Intelligence Trends

 
Introduction New, sophisticated threats continue to emerge on a daily basis across multiple platforms: social media, mobile platforms, email, and web pages. At the same time, prominent malware and attack methods continue to evolve, bypassing existing security solutions, and tailoring attacks against the largest companies in the world. The devices we use every day are now subject to compromise and can be leveraged for attacks. Even the recent U.S. elections were targeted with significant attacks. The Check Point 2016 H2 Global Threat Intelligence Trends report provides you with the best overview of the cyber landscape; threats, data breaches, trends, attacks and predictions, based on data ...

Charger Malware Calls and Raises the Risk on Google Play

 
Several weeks ago, Check Point Mobile Threat Prevention detected and quarantined the Android device of an unsuspecting customer employee who downloaded and installed a 0day mobile ransomware from Google Play dubbed “Charger.” This incident demonstrates how malware can be a dangerous threat to your business, and how advanced behavioral detection fills mobile security gaps attackers use to penetrate entire networks.   Charger was found embedded in an app called EnergyRescue. The infected app steals contacts and SMS messages from the user’s device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding ...

Malware Takes a Christmas Break in December’s Global Threat Index

 
Global malware attacks decreased by 8% in December compared with the previous month, with the popular Locky ransomware recording a huge 81% decrease per week, according to the latest monthly Global Threat Index from Check Point’s Threat Intelligence Research Team. This isn’t an invitation to businesses to sit back and relax, however. Our team predicts that this lull really is due to malicious cybercriminals taking a Christmas break – and, following the same trends last year, when December recorded a 9% drop in the number of malware attacks worldwide, we expect attack volumes to bounce back in January.   The Global Threat Index tracks malware attacks against ...

Looking for a New Employee? Beware of a New Ransomware Campaign

 
Despite trying to brand itself as a new malware, GoldenEye, the latest Petya variant, is very similar to older versions and differs mostly in its “golden” motif. The most prominent change, however, is how the campaign spreads the ransomware. The current campaign used to distribute GoldenEye has a job application theme. It is therefore aimed at companies’ Human Resources departments, due to the fact they usually cannot avoid opening emails and attachments from strangers, a common malware infection method. HR-Targeted Ransomware The new campaign targets German speakers and mimics a job application. The email contains a brief message supposedly from a job applicant and ...

How We Found Two New Ransomware Families and Built Their Decryptors

 
Ransomware is one of the most common and effective attack methods today, and it seems this trend isn’t going to change anytime soon. This last November, we found that ransomware attacks are surging, with our Global Threat Index showing that the number of ransomware attacks using Locky and Cryptowall increased by 10%. Today, Check Point’s Threat Intelligence Team reveals two new ransomware samples that were found in the wild, but also the decryption solutions which can help victims retrieve their lost data free of charge. Check Point is an Associate Partner of the No More Ransom (NMR) project, which aims to fight back against the ransomware epidemic. As such, our new decryption ...

No More Ransom! Check Point adds firepower to the global ransomware battle

 
If you didn’t know what ransomware was at the start of this year, chances are that you do now. It’s been the biggest cybersecurity story of 2016 for both businesses and consumers. Back in February, a Hollywood hospital was forced to pay $17,000 in bitcoin to get its systems back online after an attack; while over the Thanksgiving weekend, ransomware hit San Francisco's Muni Metro, forcing it to give passengers free rides.  It has also found to be spreading in malicious images files on Facebook and LinkedIn.   What’s more, attacks targeting companies have trebled since January 2016. According to a new report, they have been reaching a frequency of one every 40 seconds, ...

Ransomware Attacks Spike Globally in November’s ‘Most Wanted’ Malware List

 
Ransomware attacks continued to rise worldwide during November, according to the latest monthly Global Threat Index from Check Point’s Threat Intelligence Research Team.   Ransomware attacks using the Locky and Cryptowall variants both increased by 10% in November from the previous month.   The research team found that both the number of active malware families and number of attacks remained close to an all-time high, as the number of attacks on business networks continued to be relentless.  For the first time, the Locky ransomware was the No.1 malware family in the largest amount of countries (34 worldwide) compared to Conficker, which was the top malware in 28 countries, ...