Check Point Blog

Threat Research April 26, 2016

Check Point Threat Alert: CryptXXX Ransomware

CryptXXX ransomware has been observed in the wild as of March 2016, delivered via the Angler Exploit Kit and spread through the Bedep trojan. The ransomware is demanding a $500 ransom to be paid in…

Threat Research

Digging Deeper: How Ransomware and Malware use Microsoft Windows’ Known Binaries

Since Windows 7 is the most popular operating system (OS) among PCs, many malware families choose to target it. Malware often does so by using Windows’ very own artifacts. During 2015, Windows artifacts were increasingly abused…

Threat Research April 15, 2016

KOVTER RANSOMWARE – THE EVOLUTION: From Police Scareware to Click Frauds and then to Ransomware

In terms of cyber security research, the Kovter malware family is very interesting. A widespread malware found in different parts of the cyber landscape, Kovter underwent extensive changes both in its purpose and in the…

Threat Research April 11, 2016

Decrypting the Petya Ransomware

Petya is a relatively new ransomware variant that first appeared on the cyber-crime scene at the beginning of 2016. While Petya doesn’t have an impressive infection rate like other ransomware such as CryptoWall or TeslaCrypt,…

Threat Research

New Locky Variant Implements Evasion Techniques

Following Check Point’s recent discovery of a new communication scheme implemented by the Locky ransomware, our research teams decided to take a closer look at the inner workings of this new variant and map any…

Threat Research April 6, 2016

Ransomware: Cybercriminals New Attack of Choice

In recent years, we’ve seen banker malware as the most prominent threat in the cyber world. However, over the last six months there has been a major change in the cyber threat landscape. Banker malware…

Threat Research April 1, 2016

Check Point Threat Alert: Ransomware Campaigns Using .JS Inside Archives

Recently there has been a noticeable increase in the use of JavaScript files inside archives as a means to avoid detection in ransomware campaigns. The campaigns, which distribute various ransomware payloads, generate thousands of spear phishing emails with a…

Threat Research March 28, 2016

Check Point Threat Alert: SamSam and Maktub Ransomware Evolution

Executive Summary: New and evolving ransomware campaigns, dubbed ‘SamSam’ and ‘Maktub’, use techniques not commonly observed in previously known ransomware. SamSam spreads by targeting and infecting servers that contain unpatched vulnerabilities. Maktub and SamSam do…

Threat Research March 23, 2016

New TeslaCrypt Ransomware Spikes on Leap Day, Attempting to Catch Users Off-Guard

In reviewing recent anomalies in our threat traffic, Omri Givoni, who heads up our Threat Prevention Cloud Group, noticed a spike of more than 100,000 events in our detections on leap day, February 29th, 2016.…

Threat Research February 22, 2016

Check Point Threat Alert: Locky Ransomware

Locky is a new type of ransomware which encrypts the victim’s files and then demands a ransom to be paid in bitcoins in order to decrypt these files. The main infection method is spam emails…
