TechAmok (ggmania.com subsite)

LOL, crooks act fast... Windows 10 ransomware! - [security]
10:36 AM EDT - Aug,02 2015

Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are currently using Windows 7 or Windows 8. This threat actor is impersonating Microsoft in an attempt to exploit its user base for monetary gain. The fact that users have to virtually wait in line to receive this update makes them even more likely to fall victim to this campaign.

The payload is CTB-Locker, a ransomware variant. Currently, Talos is detecting the ransomware being delivered to users at a high rate. Whether it is via spam messages or exploit kits, adversaries are dropping a huge number of different ransomware variants. The functionality is standard, however: it uses asymmetric encryption, which allows the adversaries to encrypt the user's files without having the decryption key reside on the infected system. Also, by utilizing Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.

CTB-Locker has some interesting features that are different from the large-scale variants Talos has seen. First is the type of encryption used: most variants use RSA asymmetric encryption. CTB-Locker actually makes use of elliptic curve encryption, which still provides the same public/private key encryption but is a different type of algorithm, with lower overhead and the same level of security using a smaller key space. Second, there is the issue of the time window. CTB-Locker is only giving users 96 hours to pay for decryption, which is a shorter window than is standard for most ransomware.

Another key difference is related to Command and Control (C2) communication. Recent versions of ransomware are leveraging compromised WordPress sites to serve as a drop point for information related to the compromised host. CTB-Locker appears to be using hard-coded IP addresses on non-standard ports to establish communication. There is also a significant amount of data being exchanged between systems, which is largely uncharacteristic for ransomware. An analysis of network traffic reveals that there were ~100 network streams to various IP addresses. The most common ports being utilized are 9001, 443, 1443, and 666. There are some other interesting aspects to the network communication
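A detection heuristic built from the traffic traits described above, as an added example that is not from the original article or from Talos: it flags hosts that open streams to many distinct IP addresses on the listed ports without a DNS answer for those addresses. The record layout, the `min_peers` threshold and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Ports the article lists as most common in the CTB-Locker traffic.
ARTICLE_PORTS = {9001, 443, 1443, 666}
# 443 alone is ordinary HTTPS, so an alert also needs one of the others.
NON_STANDARD = ARTICLE_PORTS - {443}

# Constructed sample records (documentation address ranges), not real traffic.
# DNS answers: (client, resolved_ip); flows: (client, dst_ip, dst_port).
DNS_ANSWERS = [
    ("10.0.0.5", "198.51.100.10"),
    ("10.0.0.7", "198.51.100.10"),
]
FLOWS = [
    ("10.0.0.5", "198.51.100.10", 443),   # resolved via DNS, ordinary HTTPS
    ("10.0.0.7", "198.51.100.10", 443),   # resolved via DNS, ignored
    ("10.0.0.7", "203.0.113.21", 9001),   # direct-to-IP, no DNS lookup
    ("10.0.0.7", "203.0.113.22", 9001),
    ("10.0.0.7", "203.0.113.23", 1443),
    ("10.0.0.7", "203.0.113.24", 666),
    ("10.0.0.7", "203.0.113.25", 443),
    ("10.0.0.9", "203.0.113.40", 9001),   # single stream: below threshold
]

def score_hosts(flows, dns_answers, min_peers=4):
    """Flag clients that reach >= min_peers distinct, never-resolved IPs on
    the article's ports, with at least one non-standard port among them."""
    resolved = defaultdict(set)
    for client, ip in dns_answers:
        resolved[client].add(ip)

    peers = defaultdict(set)   # client -> direct-to-IP destinations
    ports = defaultdict(set)   # client -> ports used for those destinations
    for client, dst, port in flows:
        if port in ARTICLE_PORTS and dst not in resolved[client]:
            peers[client].add(dst)
            ports[client].add(port)

    alerts = {}
    for client, dsts in peers.items():
        if len(dsts) >= min_peers and ports[client] & NON_STANDARD:
            alerts[client] = {"peers": len(dsts), "ports": sorted(ports[client])}
    return alerts

if __name__ == "__main__":
    for host, info in score_hosts(FLOWS, DNS_ANSWERS).items():
        print(host, info)
```

The threshold is deliberately low for the small sample; against the roughly 100 streams the article reports, a production rule would be tuned on the site's own baseline of direct-to-IP traffic.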
