Ransomware: protect yourself or pay
Cyren » Malware
by Deven OGryzek
3M ago
Cyren offers ransomware protection from cyber-attacks through powerful cloud-based email security services. What is ransomware? Ransomware is a cyber attack that encrypts your files until you pay. This type of attack is malware that employs encryption – holding a victim’s information at ransom. A user or organization’s data is first encrypted. This way, they cannot access their confidential files, databases, or applications. After this, a ransom is demanded so that the cybercriminal will provide access. Ransomware is typically designed to spread across networks – targeting database and file ..read more
Abusing Remote Administration Tools
Cyren » Malware
by Mike Fleck
10M ago
The bad, worse and the horrible by Gunnar Guðmundsson and Axel Marinho Guðmundsson Introduction In this article, we look at a malware payload from an exploited Microsoft Word document. With a little Python scripting and deciphering we research a single sample and gather a few more versions to view a history of active development. Recently we received a malicious DOCX document containing an embedded Visual Basic script designed to download a compressed .hta payload. Figure 1 Visual Basic script The .hta file had an obfuscated function that downloads a PowerShell script disguised as a ..read more
Email Hijacking Delivers Qakbot Malware
Cyren » Malware
by Mike Fleck
10M ago
by Dexter To and Maharlito Aquino Introduction Originally a banking Trojan that existed in the wild as early as 2007, Qakbot (or QBot) is a pioneer of malware as a service, which is continually maintained and developed to this day. While its main purpose is to steal banking credentials such as logins and passwords, it has also added functionalities to spy on financial operations, spread itself and install ransomware in compromised organizations to maximize revenue for cybercriminals. Email Hijacking Recently we have observed the following malware campaign exhibiting a man-in-the-middle (MITM ..read more
Example Analysis of Multi-Component Malware
Cyren » Malware
by Mike Fleck
10M ago
by Kervin Alintanahin Recently, we have seen an increase in the number of malicious email samples with password-protected attachments. The recent waves of attacks with Emotet use a similar approach. In this blog we describe our analysis of another set of samples that used file archives (e.g. zip file) secured with passwords. The authors of this attack inserted the archive file into an HTML file. Figures 1.1 and 1.2: Emails with initial malware component, an HTML attachment Once the HTML file is opened, it will drop a file as if that file was downloaded by the user. The HTML pa ..read more
The Resurgence of Emotet
Cyren » Malware
by Mike Fleck
10M ago
by Kervin Alintanahim Password Protected Docs Among the most recent Emotet samples we received were emails with password-protected attachments. Although the malicious document needs an extra step to be accessed compared to just being attached as it is, the additional layer of ‘security’ may cause an unsuspecting user to think that this came from a legitimate source. Figure 1. Email sample Same Code, Different Types Emotet downloaders are leveraging the different Excel file types. The two examples below have the same macro code but one is an OLE format Excel file (.XLS) and the other ..read more
Office 365 Phishing, BEC, & Ransomware Survey Highlights
Cyren » Malware
by Mike Fleck
10M ago
by Max Avory Reading a complete report is not for everyone. If that includes you, here are the key takeaways from the 2022 Osterman report on Phishing, BEC, and Ransomware Threats for Microsoft 365 Customers. “Less than half the organizations ranked their currently deployed email security solutions effective. Respondents felt least confident in their ability to prevent BEC attacks followed by mass-mailed phishing campaigns.” It’s alarming that such a large proportion of organizations feel this way about their current solutions, considering how damaging a successful breach can be. One would ex ..read more
Crypter Malware: A Deep Dive Into NSIS-Based Crypters
Cyren » Malware
by Mike Fleck
10M ago
By Floser Bacurio Jr We have been observing that malware is being distributed via NSIS-based crypters. Malware such as FormBook, AgentTesla, and GULoader, just to name a few, have been using NSIS as their loader. We have seen several ways of obfuscation implemented with the installer that decrypts and directly loads the malware into memory without dropping its file to the disk. What is NSIS? A quick overview of NSIS (Nullsoft Scriptable Install System): it is an open-source script-driven tool that can be used to create Windows software installers. This tool is flexible and can let you bundle sev ..read more
What is Spyware?
Cyren » Malware
by Deven OGryzek
10M ago
Spyware is a type of malicious software that enters your computer or mobile device without consent in order to gain access to your personal information and data and relays it to a third party. Considered a type of malware, spyware spies on the computer user, capturing keystrokes, emails, documents, or even turning on the video camera. Spyware has been a part of the public discourse since the mid-90s and in the early 2000s the term “spyware” began being used by cybersecurity companies in much of the same way that it is used today. Today, spyware continues to be the most common threat on the int ..read more
Trick or Treat: Ransomware or The Story Without a Happy Ending
Cyren » Malware
by Mike Fleck
10M ago
by Ira Chernous This isn’t a story of Halloween costumes and candy. It’s a story about a cyberattack in which the victim always pays for the trick. This type of story almost never has a happy ending. What is Ransomware? Ransomware is a type of malicious software that uses encryption to hold a targeted victim’s information at ransom. Over the last few years, this type of cyberattack has become increasingly popular despite the complexity of its implementation. To execute a ransomware attack, the fraudster needs to be proficient in many areas, from social engineering through cryptography to pro ..read more
Malware Detection: Protecting Against Ever-Evolving Threats
Cyren » Malware
by Deven OGryzek
10M ago
Supercharging Your Enterprise Malware Detection Organizational users rely on multiple tools and products to improve their productivity and collaboration. These enterprise tools allow companies to share a large number of files such as PDFs, documents, spreadsheets, and more. This allows for easy collaboration and communication between employees. Increased reliance on email, as well as cloud file storage and sharing platforms, has given rise to incidents that involve file-based malware and phishing attacks.  Enterprises and their employees trust organizational products and tools to provide ..read more