19 matches found
APT trends report Q1 2019
For just under two years, the Global Research and Analysis Team GReAT at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published an...
Kaspersky Security Bulletin: Review of the Year 2017
Introduction The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat...
IT threat evolution Q3 2017
Targeted attacks and malware campaigns Re-enter the dragon In July, we reported on the recent activities of a targeted attack group called 'Spring Dragon' also known as LotusBlossom, whose activities data back to 2012. Spring Dragon makes extensive use of spear-phishing and watering-hole attacks...
Bad Rabbit Linked to ExPetr/Not Petya Attacks
A link has been confirmed between the Bad Rabbit ransomware outbreak detected yesterday in major organizations in Russia and Ukraine and this summer’s ExPetr/Not Petya attacks. Researchers at Kaspersky Lab said there are “clear ties” between the two attacks though one major piece of the puzzle is...
BadRabbit Ransomware Attacks Hitting Russia, Ukraine
A ransomware attack has put a halt to business inside a handful of Russian media outlets and a number of major organizations in the Ukraine, including Kiev’s public transportation system and the country’s Odessa airport. The attacks are known as Bad Rabbit and harken back to the ExPetr/NotPetya...
Many Factors Conspire in ICS/SCADA Attacks
Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The...
Ukrainian Man Arrested, Charged in NotPetya Distribution
The Cyber Police of Ukraine arrested a suspect they allege distributed the destructive NotPetya/ExPetr malware resulting in the infection of 400 computers. NotPetya/ExPetr was the malware behind a massive global cyberattack that took place earlier this year. It infected computers worldwide with...
Motivation Mystery Behind WannaCry, ExPetr
If two is a coincidence and three is a trend, maybe we’re not quite there yet in officially calling WannaCry and ExPetr a new movement among APT attacks. But for now, it’s close enough. Researchers are starting to examine the real motivations behind each global outbreak and whether these attacks...
A King’s Ransom It is Not
The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves "The ShadowBrokers". These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most...
No Free Pass for ExPetr
Recently, there have been discussions around the topic that if our product is installed, ExPetr malware won't write the special malicious code which encrypts the MFT to MBR. Some have even speculated that some kind of conspiracy might be ongoing. Others have pointed out it's plain and simple...
Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines
Many digital trees have died for the cause of informing Windows admins about the SMBv1 vulnerability that spawned the WannaCry and ExPetr/NotPetya malware attacks. Yet a relatively small sample of data collected from a freely available tool shows that thousands have not gotten the message, or hav...
GoldenEye Malware
I don't have anything to say -- mostly because I'm otherwise busy -- about the malware known as GoldenEye, NotPetya, or ExPetr. But I wanted a post to park links. Please add any good relevant links in the comments...
In ExPetr/Petya’s shadow, FakeCry ransomware wave hits Ukraine
While the cyber-world was still shaking under the destructive ExPetr/Petya attack that hit on June 27, another ransomware attack targeting Ukraine at the same time went almost unnoticed. So far, all theories regarding the spread of ExPetr/Petya point into two directions: Distribution via trojaniz...
Researchers Find BlackEnergy APT Links in ExPetr Code
Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. According to researchers at Kaspersky Lab, there are strong similarities between older versions of BlackEnergy’s KillDisk ransomware compared to ExPetr...
From BlackEnergy to ExPetr
Much has been written about the recent ExPetr/NotPetya/Nyetya/Petya outbreak - you can read our findings here:Schroedinger's Petya and ExPetr is a wiper, not ransomware. As in the case of Wannacry, attribution is very difficult and finding links with previously known malware is challenging. In th...
On This Week's NotPetya, ExPetr Outbreak
Mike Mimoso and Chris Brook discuss this week’s ExPetr global ransomware outbreak, how it was distributed, the wiper aspect, and similarities to 2016’s Petya ransomware. Download: ThreatpostNewsWrapJune302017.mp3 Music by Chris Gonsalves Show notes: ExPetr Called a Wiper Attack, Not Ransomware Ne...
Petya Is Not Ransomware, It's a 'Wiper'
The outbreak of the ExPetr malware isn’t a ransomware attack, but more precisely, it’s a wiper attack that sabotaged PCs globally, overwriting their Master Boot Record forever. That’s the analysis of security experts from Kaspersky Lab and Comae Technologies who shared their latest research on th...
ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims' disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial...
'Little Hope' to Recover Data Lost to Petya Ransomware
Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Click here to attend. Fewer than 50 ExPetr/Petya ransomware victims have paid approximately $10,200 in Bitcoin so far in the hopes of unlocking...