CryptoWire with Decryption Key Included
AhnLab SEcurity intelligence Center (ASEC) recently discovered the distribution of CryptoWire, a ransomware that was once viral in 2018. CryptoWire is mainly distributed via phishing emails and is made using Autoit script. Main Features The ransomware copies itself to the path “C:\Program Files\Common Files,” and registers a schedule
Threat Trend Report on Ransomware – Statistics and Major Issues in February 2024
Purpose and Scope This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in February 2024, as well as major Korean and international ransomware issues worth noting. Major ransomware-related issues and ransomware-specific statistical information other than those mentioned in this report
Threat Trend Report on Ransomware – Statistics and Major Issues in January 2024
Purpose and Scope This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in January 2024, as well as notable ransomware issues in Korea and other countries. Other major issues and statistics for ransomware that are not mentioned in the report can be
Security Issues in the Global Financial Sector – Malware, Phishing, Deep Web & Dark Web cases in January 2024
Statistics of Malware Targeting the Financial Sector Top 10 Major Malware Targeting the Financial Sector
2023 Dec. – Threat Trend Report on Ransomware Statistics and Major Issues
This report provides statistics on the number of new ransomware samples, targeted systems, and targeted businesses in December 2023, as well as notable ransomware issues in Korea and other countries. Statistics The total number of new ransomware samples collected during the past six months is as follows. Figure
Distribution of LockBit Ransomware and Vidar Infostealer Disguised as Resumes
The distribution method involving the impersonation of resumes is one of the main methods used by the LockBit ransomware. Information related to this has been shared through the ASEC Blog in February of this year. [1] In contrast to the past where only the LockBit ransomware was distributed, it has
Distribution of Magniber Ransomware Stops (Since August 25th)
Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method which abuses typos in domain addresses. After the blocking rules of the injection technique used by Magniber were distributed, ASEC published a
V3 Detects and Blocks Magniber Ransomware Injection (Direct Syscall Detection)
The Magniber ransomware is consistently being distributed at high volumes. It has been distributed through the IE (Internet Explorer) vulnerability for the past few years but stopped exploiting the vulnerability after the support for the browser ended. Recently, the ransomware has been distributed with filenames disguised as a Windows security update
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of the LokiLocker ransomware in Korea. This ransomware is almost identical to the BlackBit ransomware and their common traits have been mentioned before in a previous blog post. A summary of these similarities is as follows. Similarities Between LokiLocker and BlackBit
BlackBit Ransomware Being Distributed in Korea
AhnLab Security Emergency response Center (ASEC) has recently discovered the distribution of the BlackBit ransomware disguised as svchost.exe during the team’s monitoring. According to the ASEC’s internal infrastructure, the BlackBit ransomware has been continuously distributed since September last year. The ransomware uses .NET Reactor to obfuscate its code, likely to

