
Category: cyren

Locky Distributors Switch to Word Macro and then WSF Files

Locky Ransomware continues to be distributed in large numbers; however, the email attachments have been changed, probably due to greater blocking of the JavaScript files that have been favored until now. The Locky attack begins with an email attachment that downloads the actual Locky ransomware. Last week, the Downloader component

Locky Developers Continue to Enhance Ransomware Delivery and Operation

In the past week we have seen a resurgence of Locky malware emails. Some examples of the attachment filenames (there are many variations):
DETAILS_%username%_291866.ZIP -> extracted file: unpaid-166.js
%username%_ADDITION_744341.ZIP -> extracted file: addition-0106.js
%username%_INVOICE_337060.ZIP -> extracted file: unpaid-643.js
SERVICES_%username%_793350.ZIP -> extracted file: addition-3247.js
%username%_SCANNED_869621.ZIP -> extracted file: unpaid-6981.js
%username%_UNPAID_116521.ZIP -> extracted file: unpaid-8255.js
Legend: %username% = local part of the email address

Need a Password for a Stolen iPhone?

Apple’s “find my iPhone” is one of the most useful reasons to be connected to iCloud. If your iPhone is lost you can leave a message onscreen for the finder to contact you. Since the introduction of iOS7, the activation of “find my iPhone” also prevents erasing/resetting of the phone

Locky Returns After 22 Day Break with Sandbox Evasion Techniques

There has been much speculation in the Internet Security industry about the status of Locky – the ransomware heavyweight of February-May 2016 which suddenly ceased distribution at the start of June. As we previously reported, Locky was distributed in vast email outbreaks, many times exceeding 10 billion emails/day and often

Corporate Crime and Hospital Hacks – Locky Shuts Down Businesses

Viral pandemics are certainly cause for a hospital to declare a “state of emergency.” But in the case of Methodist Hospital in Kentucky, the virus that caused the “internal state of emergency” didn’t relate to hundreds of patient-filled stretchers… In this instance, Locky had infected the hospital’s entire computer system,

Bitcoin Phishing Targets Users via Google AdWords

As we have pointed out several times, cybercrime is a business, and running a malware or phishing campaign does require some financial investment by the bad actors. Rental of botnets, purchase of exploit kits, and acquisition of compromised site lists are all expenses that need to be covered by the

Cyren’s May 2016 Cyberthreat Report – Overview

Over the last few years, we’ve repeatedly reported on the fact that cybercriminals are stealthy, smart, and sophisticated. They’re building global organized cybercrime syndicates and, with one simple piece of malware, can generate millions of dollars in just a few days. Like any aggressive business, they’re capable of altering their

Ransomware — Protect Yourself or Pay

Locky Ransomware in 2016
Ransomware has surged dramatically this year with the launch of a new variant called “Locky.” Delivered via massive malicious spam blasts (malspam), Locky represented 40% of all malware distributed worldwide during the first quarter of 2016. And as these attacks have become more sophisticated, attackers are

Virus Bulletin: Keeping Up with the Stegoloader Trojan

As CYREN’s GlobalView security cloud churns through billions of pieces of information every day, our researchers are busy examining how certain threats work in order to make the whole automated system continuously smarter. Certain threats we find represent marked “advances” in intrusion techniques. A deep dive on the mechanics of

Malware Newsmakers of 2015

New and old malware are showing increasing sophistication
With as many as one million new malware threats being released each day, it comes as no surprise that many of these viruses are advanced and targeted. CYREN examined the various malware threats that appeared during 2015 and discovered some interesting trends,