There is growing concern over what is thought to be a regrouping of the GandCrab ransomware developers to distribute what is being called “REvil,” “Sodin,” and “Sodinokibi” ransomware. The NCSC has published a useful advisory on DNS hijacking and mitigation best practices. Also included are articles about new malware, ransomware and phishing attack vectors and types.

For more articles, check out our #onpatrol4malware blog.

Phishers Target Office 365 Admins with Fake Admin Alerts

Source: BleepingComputer

Phishers targeting admins are becoming more popular due to the greater range of attacks that can be conducted through an admin account. Read more.

Anti-Debugging Techniques from a Complex Visual Basic Packer

Source: Yoroi

“Hawkeye Keylogger” is an info-stealing malware for sale on the dark web. Anyone can easily subscribe to the malware service by paying a fee. Read more.

This Phishing Attacker Takes American Express—and Victims’ Credentials

Source: Cofense

Recently, the Cofense™ Phishing Defense Center™ observed a phishing attack against American Express customers, both merchant and corporate card holders. Read more.

Is ‘REvil’ the New GandCrab Ransomware?

Source: KrebsonSecurity

A growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “REvil,” “Sodin,” and “Sodinokibi.” Read more.

Ongoing DNS hijacking and mitigation advice

Source: NCSC

This Advisory covers some of the risks for organisations around DNS hijacking activity and gives advice on ways the risks can be mitigated. Read more.

How We Seized 15 Active Ransomware Campaigns Targeting Linux File Storage Servers

Source: Intezer

We at Intezer have detected and temporarily DoS’d the operation of a ransomware targeting Linux-based file storage systems (NAS servers). Read more.

The 2019 Duo Trusted Access Report: Zero-Trust Security for the Workforce

Source: Duo

How is zero-trust security for the workforce making its way into the enterprise – and how are organizations using the key principles of zero trust today? Read more.

How to manage Microsoft’s BitLocker encryption feature

Source: CSO

BitLocker is designed to be silent, so much so that you might forget which machines have it enabled and which ones do not. Read more.

Malware-Loader ‘Brushaloader’ Grows More Menacing

Source: Threatpost

The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. Read more.

Phishing Attackers Are Abusing WeTransfer to Evade Email Gateways

Source: Threatpost

The Cofense Phishing Defense Center has observed a wave of phishing attacks that utilize the legitimate file hosting site WeTransfer to deliver malicious URLs to bypass email gateways. Read more.

Multistage Attack Delivers BillGates/Setag Backdoor, Can Turn Elasticsearch Databases into DDoS Botnet ‘Zombies’

Source: Trendmicro

These threats can turn affected targets into botnet zombies used in distributed-denial-of-service (DDoS) attacks. Read more.

NASty: QNAP Warns Users About ‘eCh0raix’ Ransomware

Source: tom’s HARDWARE

QNAP warned its NAS customers to make sure they’re using strong passwords [and] have the latest version of its QTS firmware. Read more.

Trinity Miner using open ADB port to target IoT devices

Source: Quick Heal Blog

All these IoT devices are powered by ARM-based processors and run Android or Unix operating systems. These IoT devices include mobile phones, smart TVs, routers, IP cameras and DVRs. Read more.