Articles from the last couple of weeks reveal interesting new research about a method to fight ransomware by using flash-based storage on devices to save files. That’s especially good news because the Shade and Sodinokibi ransomware families have been more active. We also learn that the VPN industry has a limited number of owners representing lots of products, which brings privacy concerns to the forefront.
For more articles, check out our #onpatrol4malware blog.
Researchers fight ransomware attacks by leveraging properties of flash-based storage
Source: HelpNet Security
In a new paper [researchers] look at how they can use the commodity storage devices already in a computer, to save the files without having to pay the ransom. Read more.
Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor
Microsoft is warning users to be on the lookout for a malspam campaign that’s abusing an Office vulnerability in order to distribute a backdoor. Read more.
Hidden VPN owners unveiled: 97 VPN products run by just 23 companies
Our research shows that at least 97 VPN products are owned or operated by only 23 companies. This includes both cross-platform and mobile-only VPN products. Read more.
10 years of virtual dynamite: A high-level retrospective of ATM malware
Source: Cisco Talos
It has been 10 years since the discovery of Skimer, the first malware specifically designed to attack automated teller machines (ATMs). Read more.
A dive into Turla PowerShell usage
Turla is believed to have been operating since at least 2008, when it successfully breached the US military. More recently, it was involved in major attacks against the German Foreign Office and the French military. Read more.
Sodinokibi Ransomware Fixes Scaling Issues, Targets Large Enterprises
Recent variants of Sodinokibi accounted for scaling issues as the ransomware family steadily moves to target large enterprises. Read more.
Shade Ransomware is very active outside of Russia and targets more English-speaking victims
Source: Security Affairs
Shade is considered one of the most dangerous threats in the cyber crime scenario; it has been active since at least 2014, when a massive infection was observed in Russia. Read more.