The Process Doppelgänging technique was first presented in December 2017 at the BlackHat conference. Since the presentation several threat actors have started using this sophisticated technique in an attempt to bypass modern security solutions. In April 2018, we spotted the first ransomware employing this bypass technique – SynAck ransomware. It should be noted that SynAck…

A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executable compiles an embedded encrypted C# program at runtime and launches it directly into memory. Source: bleepingcomputer…

The City of Atlanta spent more than $2.6 million on emergency efforts to respond to a ransomware attack that destabilized municipal operations last month. Attackers, who infected the city’s systems with the pernicious SamSam malware, asked for a ransom of roughly $50,000 worth of bitcoin. (The exact value has fluctuated due to bitcoin’s volatility.) Atlanta…

You get two for the price of one with today’s paper! Firstly, it’s a fascinating insight into the ransomware business and how it operates, with data gathered over a period of two years. Secondly, since ransomware largely transacts using Bitcoin, the methods used by the research team to uncover and trace ransomware activity are also…