Emotet Returns After a Summer Break

What Is It? First discovered in 2014, the Emotet trojan has previously been the subject of several Threat Reports. Initially a banking trojan, it has since evolved to focus on sending spam emails and distributing other malware. This change in functionality might be tied to it being a more profitable option for its authors. In early June 2019, it was observed that its C2 (command and control)…

Emotet Makes Good Websites Go Bad – Uniden Edition

What Is It? Legitimate websites are prized by malicious actors as distribution sites for their malware. The primary reason is that a link to a legitimate website is more likely to be clicked on by potential victims. The better known the organization, the more likely its website or entire domain is whitelisted and the less likely it is to be blocked by security products. There are numerous examples of…

Emotet Authors Refresh Attacks After Orthodox Christmas

What Is It? A report from researchers at Cisco TALOS describes the detection of a recent Emotet trojan campaign. Currently, Emotet is one of the most prolific trojans, with a history of being continuously updated by its authors. Initially released as a banking trojan, Emotet is often deployed as an initial malware infection, downloading various payloads, such as trojans, information stealers…

Threat Report: Malware Referencing Coronavirus

What Is It? Since the first reports of coronavirus began emerging in early January 2020, it was guaranteed that cyber attackers would attempt to leverage the subject as part of the social engineering aspects of their attacks. This is especially true now that coronavirus has altered the lives of billions of people in unprecedented ways. Social engineering is the act of exploiting human…

DoppelPaymer Ransomware Shows Ties to BitPaymer

What Is It? Researchers from CrowdStrike have recently detailed their findings on a new ransomware variant they have named DoppelPaymer. The ransomware began in June 2019, with victims including government targets such as the Ministry of Agriculture of Chile and the Texas city of Edcouch. In the case of Edcouch, city officials stated their backups were also encrypted. Ransom amounts of 2, 40 and…

Ryuk Ransomware Uses Trickbot Trojan in U.S. Newspaper Attack

[Update Dec. 16, 2019: On December 13, the City of New Orleans was attacked by what BleepingComputer indicated to be a variant of Ryuk. We ran the related sample that was uploaded to VirusTotal against BluVector Cortex and found that its Machine Learning Engine would have detected the Ryuk variant 36 months ahead of its release. NOLA.com reports that the city's traffic and municipal courts…

BitPaymer Ransomware Freezes the PGA and an Alaskan Town

What Is It? While some cybersecurity pundits have claimed the demise of ransomware, their prognostications were at best premature. In recent weeks, variants of BitPaymer ransomware have infected systems at the Professional Golfers Association of America (PGA) and the local government offices of Matanuska-Susitna, a municipal borough of greater Anchorage. BitPaymer, first identified in…

IcedID Trojan Targeting Banks

What Is It? Recently, IBM X-Force released the results of its research into a new banking trojan it has dubbed IcedID, first seen in the wild in September 2017. The current versions of IcedID are able to target banks, payment card and mobile service providers, payroll portals, as well as webmail and e-commerce sites. In order to steal financial data and user credentials, it is also capable of…