Tag: ransomware
Researchers who dig deep through the code of one of the latest strains of ransomware might be surprised and even a little irked at what they find. Hidden inside some of those strings of code are taunts aimed at them. According to Lawrence Abrams, who runs BleepingComputer.com, the malware, BlackShades Crypter a/k/a SilentShades, was spotted late last...
CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX credential-stealing module that gives attackers additional capabilities to monetize an attack....
Ransomware as a business is maturing and nowhere is that better illustrated than in Russia, according to Flashpoint researchers. The security firm released two reports on Thursday, one on a burgeoning ransomware-as-a-service business model (PDF) in Russia and the second on new developments in Russian ransomware kingpins targeting hospitals (PDF). Researchers conclude, the ransomware industry...
Exploits for the most recent Adobe Flash Player zero-day vulnerability have been integrated into the Neutrino and Magnitude exploit kits, and are leading compromised computers to different ransomware strains and a credential-stealing Trojan. A French researcher who goes by the handle Kafeine told Threatpost that Neutrino has embedded a working exploit for CVE-2016-4117 while Magnitude...
The criminals behind the TeslaCrypt ransomware have closed up shop and publicly released the master decryption key that unlocks files encrypted by the malware. The news is significant given the investment and constant innovation devoted to TeslaCrypt, which has been one of the most active crypto-ransomware strains since it debuted in February 2015. Researchers at...
Starting in April, security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous. Cerber, which is best known...
The Petya ransomware strain signaled a new escalation for crypto-malware when it surfaced in March. For the first time, ransomware went beyond encrypting files on local and shared drives and instead set its sights on locking up the Master File Table on compromised machines. Petya did have its shortcomings and before long, researchers were able...
Mike Mimoso, Chris Brook, and Threatpost’s newest reporter, Tom Spring, discuss the week in news, including a firsthand account of an online casino’s experience with a TeslaCrypt infection, Brazil shutting down WhatsApp, and attackers mining an ADP portal for W-2s. Download: Threatpost_News_Wrap_May_6_2016.mp3 Music by Chris Gonsalves
It’s rare a week goes by now without a new strain of ransomware making headlines. Researchers described one of the latest earlier this week, a relatively affordable ransomware-as-a-service named AlphaLocker. One of the main selling points to AlphaLocker is how cheap it is; the ransomware can be purchased directly from the author for as little...
For online casinos, business begins to peak as gamblers punch out of work and belly up to virtual blackjack tables. But on this Tuesday in February at 5 p.m., the odds were not in the house’s favor. That’s when this virtual casino—with tens of millions of dollars in virtual transaction data, thousands of user profiles and millions...