01 Oct, 2019

Sophisticated Ransomware: “Katyusha”

For several months, Quick Heal Security Labs has been observing an increase in ransomware. We have found one more interesting ransomware, which encrypts files, adds the extension “.katyusha”, demands 0.5 BTC within three days, and threatens to release the data for public download if the ransom is not paid. […]

02 Sep, 2019


ADAME RANSOMWARE

Do you know about Adame Ransomware? Some highly skilled cyber crooks prefer to build and tailor unique malware and take great pride in this. Others, however, would rather take it easy and still cash in some profits, preferably with minimum effort involved. Such individuals like to base their malware creations on the code […]

03 Aug, 2019


HESE RANSOMWARE

Hese is a high-risk ransomware that encrypts most stored data, thereby making it unusable. Hese comes from the Djvu ransomware family. Additionally, Hese appends the “.hese” extension to each filename (thus its name). For instance, “2.jpg” would be renamed to “sample.jpg.hese” and so forth. Screenshot of files encrypted by Hese (“.hese” extension): […]

28 Jun, 2019


CTB-Locker has been observed being distributed through several exploit kits, including Rig and Nuclear. However, it is through aggressive malicious spam campaigns that the ransomware has been delivered the most. The most widely seen spam campaigns that distribute CTB-Locker use a downloader component known as Dalexis or Elenocka. The spam messages follow a variety of formats, including missed fax […]

28 Jun, 2019

Bad Rabbit

What is Bad Rabbit? Bad Rabbit is a previously unknown ransomware family. How is Bad Rabbit distributed? The Bad Rabbit ransomware dropper was distributed with the help of drive-by attacks. While the target is visiting a legitimate website, a malware dropper is being downloaded from the threat actor’s infrastructure. No exploits were used, so the victim would have […]

25Jun, 2019


Mobile Ransomware Acts Without Encryption. We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim’s private information. LeakerLocker claims to have made an unauthorized backup of a phone’s sensitive information that could be leaked to a […]

31 May, 2019

Ransomware is preventable!

Even though there are ways to recover encrypted files with a decryptor in some cases, there is no silver bullet that can treat every existing variant of ransomware, and new variants are being created all the time. The best way to handle ransomware is prevention. The good news here, to the extent there is good […]

17 May, 2019

Sauron Locker

Sauron Locker Ransomware Description: The Sauron Locker Ransomware is a screen locker designed to target mobile devices. The Sauron Locker Ransomware was first observed on April 15, 2019. PC security researchers have studied the Sauron Locker Ransomware in detail after gaining access to a leaked version of its code. Using the Sauron Locker Ransomware, PC […]

17 May, 2019


A new ransomware family called NamPoHyu Virus or MegaLocker Virus is targeting victims a bit differently than other ransomware. Instead of an executable running on a victim’s computer, the attacker is running the ransomware locally and having it remotely encrypt accessible Samba servers. Ransomware infections are typically installed on the computer that will be encrypted, whether that […]

15 May, 2019


What is Robbinhood? Ransomware-type programs are computer infections that cybercriminals use to prevent people from accessing their files and to blackmail them by making ransom demands. Robbinhood was discovered by Michael Gillespie and is an example of one of these programs. It encrypts data stored on the system, rendering files unusable. To regain access to their files, people […]