Uncovering a ransomware-distribution campaign part 2

Uncovering a ransomware distribution operation – Part 2

In Part 1 we’ve analyzed a vast Crypt0L0cker ransomware distribution operation currently affecting continental Europe and ready to jump to new countries. In this second post we’ll analyze in detail the server side code used to dispatch the victims towards the correct websites, up to the ransomware itself. We’ll also analyze the ransomware behaviour and how it infects the victim’s computer.
Continue reading “Uncovering a ransomware distribution operation – Part 2”

Bandarchor ransomware

Bandarchor Ransomware Still Active

Bandarchor is a ransomware identified for the first time at the end of 2014 that seemed almost to disappear halfway through 2015. With some surprise we’ve found it to still be alive, well and with a very low detection rate: in fact lately we have been receiving help requests from companies infected by a ransomware that didn’t appear to belong to the known triad: CryptoLocker, CryptoWall or TeslaCrypt and we decided to investigate what appears to be a new campaign using a new variant.
Continue reading “Bandarchor Ransomware Still Active”