Tag: Brad Duncan
Researchers at My Online Security and the SANS Internet Storm Center have analyzed spam campaigns utilizing plausible imitations of legitimate banking domains to spread the Trickbot banking malware.
Researchers have spotted malicious email campaigns using Zip archives to spread NemucodAES ransomware and the Kovter click-fraud Trojan, simultaneously distributing both pieces of malware.
Researchers have spotted an increase in CryptoShield ransomware infections coming from the RIG Exploit Kit used by EITest delivery campaigns.
A spam campaign has started spreading Sage ransomware, while a ransomware service known as Satan allows users to customize distribution.
Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. The campaign, called Realstatistics, has tainted thousands of sites built on both Joomla! and WordPress content management systems. Researchers with security company Sucuri observed the campaign injecting bogus analytics code, including the url...
For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more difficult for administrators, this release no longer uses...
The pseudo-Darkleech campaign is one of the most notorious ongoing attacks of recent years, making use of major exploit kits to deliver primarily different strains of ransomware. The campaign has been a bit of a chameleon since it was disclosed in March 2015 by researchers at Sucuri. The latest bit of its shape shifting involves...
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who study exploit kits closely, however, are...
In the ransomware world, it doesn’t take long for today’s darling to become yesterday’s news. Case in point: Locky. Not long ago, Locky was at the core of debilitating infections at major hospitals in California and the Washington, D.C., area, affecting not only access to patient data but also patient care. That was in mid-February...
In short order, the newest version of Cryptowall has begun showing up in exploit kits. The SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit. SANS ISC handler and Rackspace security engineer Brad Duncan said that...