Player 1 Limps Back Into the Ring - Hello again, Locky!
This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyettcontributed to this post. Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky dis
Player 3 Has Entered the Game: Say Hello to 'WannaCry'
By Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams. Executive Summary A major ransomware attack has affected many organizations across the world reportedly including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US. The malware re
Jaff Ransomware: Player 2 Has Entered The Game
This post was written by Nick Biasini, Edmund Brumaghin and Warren Mercer with contributions from Colin Grady Summary Talos is constantly monitoring the email threat landscape and tracking both new threats as well as changes to existing threats. We recently observed several la
Crypt0l0cker (TorrentLocker): Old Dog, New Tricks
Without Necurs, Locky Struggles
This post authored by Nick Biasini with contributions from Jaeson Schultz Locky has been a devastating force for the last year in the spam and ransomware landscape. The Locky variant of ransomware has been responsible for huge amounts of spam messages being sent on a daily basis
Cerber Spam: Tor All the Things!
This post authored by Nick Biasini and Edmund Brumaghin with contributions from Sean Baird and Andrew Windsor. Executive Summary Talos is continuously analyzing email based malware always looking at how adversaries change and the new techniques that are being added on an almo
Pumpkin Spiced Locky
This post was authored by Warren Mercer & Edmund Brumaghin Summary We had .locky, we had .odin and then we had .zepto but today we hit rock bottom and we now have Locky using .shit as their encrypted file extension. In today's latest wave of spam, Talos has observed
MBRFilter - Can't Touch This!
Update: 10/20/2016 - MBRFilter has been intentionally made difficult to remove to prevent malware from simply disabling or removing this protection during the infection process. Test thoroughly before deploying within production environments. Summary Ransomware has become incr
LockyDump - All Your Configs Are Belong To Us
This post was authored by Warren Mercer and Matthew Molyett Summary Locky has continued to evolve since its inception in February 2016. This has made it difficult to track at times due to changes in the way in which it's distributed as well as various characteristics of the