Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
Microsoft is now taking steps to prevent Remote Desktop Protocol (RDP) brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...
The Top Ransomware Threats Aren’t Who You Think
While there seem to be legions of ransomware gangs, it turns out that just a handful of ransomware-as-a-service (RaaS) actors dominate the entire ecosystem of encryption-attack threats. In fact, just three ransomware families, none of them household names, make up 64 percent of all threats detected...
Ransomware Volumes Hit Record Highs as 2021 Wears On
Ransomware has seen a significant uptick so far in 2021, with global attack volume increasing by 151 percent for the first six months of the year as compared with the year-ago half. Meanwhile, the FBI has warned that there are now 100 different strains circulating around the world. From a...
On the Taxonomy and Evolution of Ransomware
Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...
Researchers Mixed on Sanctions for Ransomware Negotiators
Ransomware negotiators may have to pay up in new ways if they intercede with cybercriminals on companies’ behalf. Several researchers weighed in on the wisdom of the move, with mixed reactions. The U.S. Department of the Treasury said Thursday that companies that facilitate ransomware payments to...
What Happens When Victims Pay Ransomware Attackers?
For many hackers around the globe, ransomware infections have become a lucrative business. Although these types of malware samples have been around for years now, they continue to spur success - and high monetary profits - for attackers. In fact, according to a statement from U.S. Deputy Attorney...
New ‘Under the Radar’ report examines modern threats and future technologies
As if you haven't heard it enough from us, the threat landscape is changing. It's always changing, and usually not for the better. The new malware we see being developed and deployed in the wild has features and techniques that allow it to go beyond what it was originally able to do, either...
SamSam Ransomware
Summary: The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, th...
SamSam Ransomware
The Department of Homeland Security and the Federal Bureau of Investigation have identified cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. NCCIC encourages users and administrators to review Alert AA18-337A: SamSam...
Feds charge 2 Iranian hackers behind SamSam ransomware attacks
By Waqas. The United States Department of Justice has charged two Iranian nationals with allegedly developing and using SamSam ransomware against their targets in the United States and Canada to carry out a computer hacking and extortion scheme from Iran. Both Mohammad Mehdi Shah Mansouri, 27 and...
DOJ Indicts 2 Iranian Hackers for Harmful SamSam Ransomware
A string of attacks hobbled the city of Atlanta, multiple hospitals, and more. The feds now think they know who did it...
U.S. Charges Two Iranian Hackers for SamSam Ransomware Attacks
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hackin...
Carbon Black Report: A Case Study on No More IR Busy Work
From discovery to data acquisition to remediation, IR teams might spend hours of their precious time doing tedious labor — for instance, going in and grabbing an organization’s relevant forensic artifacts such as event logs one by one. What IR teams want to spend time doing: finding the bad guys...
Black Hat USA 2018: ransomware is still the star
The Malwarebytes team was at the annual Black Hat USA event held in Las Vegas at the Mandalay Bay Hotel from August 4–9. Large crowds walked through the expo floor, attended talks, and participated in trainings. Among the many topics discussed, ransomware came up as one of the main issues that bo...
SamSam Ransomware Attacks Extorted Nearly $6 Million
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam is a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started...
A week in security (June 18 – June 24)
Last week, we took a deep dive into SamSam ransomware, looked at ways to identify and delete malicious emails, recognized that there are now risks affecting job recruitment portals, analyzed a malicious Android app banking on the popularity of Fortnite, and identified causes and solutions for...
SamSam ransomware: controlled distribution for an elusive malware
SamSam ransomware has been involved in some high profile attacks recently, and remains a somewhat elusive malware. In its time being active, SamSam has gone through a slight evolution, adding more features and alterations into the mix. These changes do not necessarily make the ransomware more...
SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies
Ransomware has lately lost its status as the queen of the cybercrime prom, but a new iteration of the nefarious SamSam extortion code shows that it can still make a bid to be sparkly and attention-getting. The latest version of SamSam has taken the malware road less traveled, ditching widespread...
2,000 Colorado DOT computers infected with SamSam Ransomware
By Uzair Amir. Another day, another ransomware scam - This time, it is... This is a post from HackRead.com. Read the original post: 2,000 Colorado DOT computers infected with SamSam Ransomware...
SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
This post was written by Vitor Ventura. Introduction: Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and ICS. These attacks do...