Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams. Executive summary Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple malware campaigns that have been conducted over the past few months. As a result of
Gandcrab Ransomware Walks its Way onto Compromised Sites
This blog post authored by Nick Biasini with contributions from Nick Lister and Christopher Marczewski. Despite the recent decline in the prevalence of ransomware in the threat landscape, Cisco Talos has been monitoring the now widely distributed ransomware called Gandcrab. Gand
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
his post was authored by Nick Biasini, Edmund Brumaghin, Warren Mercer and Josh Reynolds with contributions from Azim Khodijbaev and David Liebenberg. Executive Summary The threat landscape is constantly changing; over the last few years malware threat vectors, methods and pay
SamSam - The Evolution Continues Netting Over $325,000 in 4 Weeks
This post was written by Vitor Ventura Introduction Talos has been working in conjunction with Cisco IR Services on what we believe to be a new variant of the SamSam ransomware. This ransomware has been observed across multiple industries including Government, Healthcare and
Threat Spotlight: Follow the Bad Rabbit
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Update 2017-10-26 16:10 EDT: added additional information regarding the links between Nyetya and BadRabbit Upd
Back to Basics: Worm Defense in the Ransomware Age
This post was authored by Edmund Brumaghin "Those who cannot remember the past are condemned to repeat it." - George Santayana The Prequel In March 2017, Microsoft released a security update for various versions of Windows, which addressed a remote code execution vu
Taking the FIRST look at Crypt0l0cker
This post is authored by Matthew Molyett. Executive Summary In March, Talos reported on the details of Crypt0l0cker based on an extensive analysis I carried out on the sample binaries. Binaries -- plural -- because, as noted in the original blog, the Crypt0l0cker payload levera
The MeDoc Connection
Summary The Nyetya attack was a destructive ransomware variant that affected many organizations inside of Ukraine and multinational corporations with operations in Ukraine. In cooperation with Cisco Advanced Services Incident Response, Talos identified several key aspects of the
New Ransomware Variant "Nyetya" Compromises Systems Worldwide
Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues. Update 2017-07-06 12:30 EDT: Updated to explain the modified DoublePulsar backdoor. Since the SamSam attacks