Black Kingdom ransomware is targeting enterprises by exploiting the CVE-2019-11510 flaw in Pulse Secure VPN software to gain access to the network. The malicious code encrypts files and appends the .DEMON extension to the filenames of the encrypted documents.
A new version of the Mac malware Shlayer is spreading by using sneaky tactics. Poisoned search engine results are being used to trick victims into accessing fake Flash Player alert pages in their browser. The pages advise the visitor to download and install an update for Flash Player; however, the file they download installs Shlayer instead. Shlayer is a trojan that can be used to install adware and other malware on victim computers.
Evil Corp, the group responsible for Dridex and BitPaymer, has released its latest ransomware: WastedLocker. This new ransomware variant has been showing up for just over a month and does not share much in common with its predecessors. WastedLocker is often targeted, focusing on locations where large amounts of data are stored rather than encrypting common system files. Similar to Dridex, WastedLocker uses the SocGholish fake update framework to distribute the ransomware, although other methods of distribution also appear to be in use. Files encrypted by WastedLocker will have the word "wasted" in the file extension.
The Thanos ransomware is the first to use the researcher-disclosed RIPlace anti-ransomware evasion technique, alongside numerous other advanced features that make it a serious threat to keep an eye on.
Galileo has tools available to protect against this type of threat. Contact us for further information.
Ransom X is a new, human-operated ransomware that has been found to be responsible for the May ransomware attack on the Texas Department of Transportation. Ransom X terminates 289 processes, ranging from mail and database servers to MSP software and security software. This ransomware also takes steps to infect other computers on the network while it is simultaneously encrypting the currently infected computer.