Posts

Showing posts with the label ransomware

Preventie van ransomware

Preventie van ransomware. This blog post will be fully in Dutch. If you'd like to read English material, be sure to check out my Q&A on ransomware. A translation will also be available within the next few days. Ransomware hardly needs an introduction anymore, but in short, this particular kind of malware encrypts (almost) all of your files and demands a certain amount (nowadays often in Bitcoin) to give you back access to all of your files. Other names: CryptoLocker, cryptoware, encrypting ransomware. This blog post is split into two parts: one for home users, one for businesses. Most tips are interchangeable, however, and can be applied as you see fit. Finally, a few tools are provided as a supplement, as well as additional resources. Home users: Depending on your mail client, use a decent anti-spam filter. Nearly all online services (e.g. Outlook.com, Gmail, ...) already offer one by default. ...

TorrentLocker / CryptoLocker Ransomware Campaign, Oct-Nov 2014

TorrentLocker / CryptoLocker Ransomware Campaign, Oct-Nov 2014. Ransomware is a type of malware which restricts access to the computer system it infects and demands that a ransom be paid to the creator(s) of the malware for the restriction to be removed. In mid-October 2014, a ransomware campaign using a new variant of CryptoLocker was launched. At the time of this post, the campaign is still active. Once a user has unknowingly downloaded and run the malware, all files on their local disk and network drives are encrypted. The user is then presented with the following screen, which demands that the victim visit a hidden server to purchase the decryption key using Bitcoin. This new Crypto-variant appears to be offered as a service to any criminal individual or gang who wants to get involved in the ransomware extortion business. The malware appears to be delivered via spam e-mail. WARNING: We have encrypted your files with CryptoLocker. "Buy decryption software and get all ...

Yet another ransomware variant

Yet another ransomware variant. Today's blog post is a bit different from usual, as you can read the full post on the Panda Security blog. Read it here: Yet another ransomware variant. In this post I'm simply adding some additional information and repeating the most important points. So, there's yet another ransomware variant on the loose. You may call this one Chuingam (chewing gum?) ransomware or Xwin ransomware, named after, respectively, the dropped file containing the string Chuingam or the folder it creates on C:. Or just another (skiddie) generic ransomware. In the blog post above, I discuss the methodology it uses to encrypt files and how it creates your own personal key, as well as the ransom message and how to recover files (if you're lucky and fast enough). pgp.exe (PGP) is used to generate the public RSA key. Since pgp.exe requires the RAR password, this is temporarily stored in the file "filepas.tmp", which is overwritten and deleted, so no c...

Ransomware fala sério!

Ransomware fala sério! Recently, a user contacted me in regards to what looks like a new, Brazilian ransomware. In this blog post, we're taking a quick look at the ransom and how to unlock or decrypt your files. TL;DR: to unlock your files, you can use the key or password: 123. The title of this blog post loosely translates to: ransomware, no way! (excuse my Portuguese). The ransomware appears to call itself Sem Solução, which translates to Hopeless or No Solution. I propose we call it Hopeless ransomware. Figure 1 - Your files have been encrypted (ransom note, translated from Portuguese): Your ID. There is no way to recover them without buying the password; if you try, I delete everything! The payment method is via Bitcoins. The price is: 600.00 REAIS = Bitcoins. Don't have Bitcoins? Search on Google and learn how to buy them, or click on Buy Bitcoins. Send the bitcoins to: 1LULpQbdvoAWqKzhe8fuMiPQ8iGdW36pk1. To receive the password, you need to create an e-mail at https://mail.pro...

Ransomware prevention

Ransomware prevention. Very short blog post to let you know I now also have an English version of my article Preventie van ransomware, on how to prevent ransomware. You can find it as a page (see top of my blog) or here: Ransomware Prevention. Translations are available in Dutch (Nederlands) and French (français). Thanks to @WawaSeb for the French translation. If you would like to translate this page into your own language, feel free to do so and send me the link so it can be added.

New GoldenEye/Petya Ransomware: Evolution of WannaCry

New GoldenEye/Petya Ransomware: Evolution of WannaCry. A ransomware virus once again attacked computers around the world on Tuesday (27 June). The attack managed to take over servers at Russia's largest oil company, disrupted the operations of banks in Ukraine, and shut down computers at multinational shipping and advertising companies. Cyber security experts said the attack appeared to use the same kind of hacking tool that was used in the WannaCry ransomware attack. "It's like WannaCry all over again," said Mikko Hypponen, chief researcher at the Helsinki-based cyber security firm F-Secure, as reported by Reuters on Wednesday (28 June). The WannaCry ransomware shocked the world in May 2017 by infecting hundreds of thousands of computers before a British researcher created a kill switch. Hypponen estimated that the virus could spread in America as workers turned on vulnerable machines, allowing the virus to ...