Are you up all night after getting Locky?

Since CryptoLocker (the first widespread crypto-ransomware) came out in September 2013, the number of variants and new families has grown at a staggering rate. CryptoLocker, CTB-Locker, CryptoWall, TorrentLocker, VaultCrypt, TeslaCrypt and many others have been wreaking havoc on computers worldwide by encrypting photos, documents and other personal/business data....

Thu Jun 8, 2017 08:01
Mitigating Wow64 Exploit Attacks

Intro: Every once in a while, security researchers try to bypass security solutions for kicks, fame, marketing and to raise awareness for a new vulnerability that totally foils protection. Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) has seen its share of bypasses, and when it is bypassed, the underlying approach grabs our attention. Somewhat...

Thu Jun 8, 2017 08:01
How the Wolf attacked and outsmarted defenses with CVE-2015-3113

Malware authors create millions of new unique malware samples every year to bypass web filters and antivirus software. But did you know that every exploit attack (to deliver malware) must use the exact same techniques to exploit software vulnerabilities? And that there are only a dozen offensive techniques to make this happen? Also, did you know that...

Thu Jun 8, 2017 08:01
Exploits served via malvertising campaign

Two months ago we released HitmanPro.Alert version 3 at the RSA Conference in San Francisco. This major new version comes with protection against crypto-ransomware and exploits. In these two months various companies started using HitmanPro.Alert version 3 to protect exploit-susceptible applications and critical documents against malware and zero-day...

Thu Jun 8, 2017 08:01
Ransomware infecting user32.dll, continued

This post is a follow-up to our previous post regarding ransomware infecting user32.dll. A new variant of the Department of Justice (DOJ) ransomware that embeds itself inside user32.dll is spreading. This new variant has updated its tactics to avoid detection by antivirus programs. The following section shows an analysis of this new version and...

Thu Jun 8, 2017 08:01
Ransomware infecting user32.dll

Over the past months we’ve been monitoring a new variant of the Department of Justice (DOJ) ransomware. To date, nothing has been written about this new variant on the internet. This blog item aims to address this. Analysis of this particular ransomware shows that the method used to infect victims differs from that of previous ransomware samples....

Thu Jun 8, 2017 08:01
