<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>malicious program Archives - Tricky Enough</title>
	<atom:link href="https://www.trickyenough.com/tag/malicious-program/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.trickyenough.com/tag/malicious-program/</link>
	<description>Explore and Share the Tech</description>
	<lastBuildDate>Tue, 17 Dec 2024 01:48:14 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	

<image>
	<url>https://www.trickyenough.com/wp-content/uploads/2021/05/favicon-32x32-1.png</url>
	<title>malicious program Archives - Tricky Enough</title>
	<link>https://www.trickyenough.com/tag/malicious-program/</link>
	<width>32</width>
	<height>32</height>
</image> 
<site xmlns="com-wordpress:feed-additions:1">100835972</site>	<item>
		<title>What Do the Ransomware Names Mean?</title>
		<link>https://www.trickyenough.com/what-do-the-ransomware-names-mean/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=what-do-the-ransomware-names-mean</link>
					<comments>https://www.trickyenough.com/what-do-the-ransomware-names-mean/#respond</comments>
		
		<dc:creator><![CDATA[Robin Khokhar]]></dc:creator>
		<pubDate>Wed, 12 Jan 2022 07:46:12 +0000</pubDate>
				<category><![CDATA[Data]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[malicious program]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[malware threats]]></category>
		<category><![CDATA[ransomeware]]></category>
		<category><![CDATA[ransomware]]></category>
		<category><![CDATA[Ransomware Names]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[Security Measures]]></category>
		<guid isPermaLink="false">https://www.trickyenough.com/?p=45992</guid>

					<description><![CDATA[<p>Ransomware is a particularly insidious category of malware that can lock computers, encrypt files, or both, and hold them for ransom. Many different ransomware strains can vary in their functionality and infection capabilities. And as you may have noticed, some ransomware strains also have colourful names. What do the ransomware names mean, and what makes...</p>
<p>The post <a href="https://www.trickyenough.com/what-do-the-ransomware-names-mean/">What Do the Ransomware Names Mean?</a> appeared first on <a href="https://www.trickyenough.com">Tricky Enough</a>.</p>
]]></description>
										<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body><p>Ransomware is a particularly insidious category of malware that can lock computers, encrypt files, or both, and hold them for ransom. Many <a href="https://www.trickyenough.com/a-comprehensive-guide-to-ransomware-backup-protection/" target="_blank" rel="noreferrer noopener">different ransomware strains</a> can vary in their functionality and infection capabilities. And as you may have noticed, some ransomware strains also have colourful names. What do the ransomware names mean, and what makes one ransomware different from the next?</p>



<h2 class="wp-block-heading" id="h-ryuk">Ryuk </h2>



<p>Ryuk is a <em>Shinigami</em> or God of death in the Japanese animated series <em>Death Note</em>. The show&#8217;s protagonist discovers the character and attempts to use him for good deeds while fulfilling Ryuk&#8217;s hunger for amusement. Fans have drawn entertainment both from Ryuk and the show&#8217;s dark humour. </p>



<p>Unfortunately, there&#8217;s nothing humorous about Ryuk ransomware, which researchers found in 2017. What makes <a href="https://www.malwarebytes.com/ryuk-ransomware" target="_blank" rel="nofollow noopener">Ryuk ransomware</a> more threatening than other strains is its ability to isolate network drives and resources and delete and disable restoration tools and backup systems. It can also spread more easily with its new worm-like capabilities. </p>



<p>Extortionists typically use Ryuk for targeted attacks. The malware has infected businesses, media websites, and even hospitals. Researchers estimate that the malware raised over $61 million between February 2018 and October 2019 alone. </p>



<h2 class="wp-block-heading" id="h-petya">Petya </h2>



<p>Petya is another ransomware strain with a name drawn from popular culture. In the 1995 James Bond film <em>GoldenEye</em>, Petya was a Soviet weapon satellite carrying a weapon of mass destruction. The Petya ransomware was similarly destructive and innovative, though it wasn&#8217;t unusually infectious. </p>



<p>The first Petya ransomware strain was unique because it blocked victims from accessing their computers rather than encrypting files. The malware spread through phishing emails that carried job offers. But for Petya to unleash havoc, users had to agree to grant it administrative control, which many experienced users recognized as a red flag.  </p>



<p>Later versions of Petya were more infectious and even more dangerous. One, in particular, NotPetya, may still give many computer users nightmares.</p>



<h2 class="wp-block-heading" id="h-notpetya">NotPetya</h2>



<p>In 2017, a variant of Petya started infecting computers. It was so different that researchers dubbed it &#8216;NotPetya&#8217; to help people understand it was new ransomware. NotPetya was part of a cyberattack in Europe, primarily targeting companies in Ukraine. Later, NotPetya spread to Germany, Italy, France, Poland, the United Kingdom, and the United States. Unlike Petya, NotPetya did not seek administrative permissions. It also used a Windows <a href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831795(v=ws.11)" target="_blank" rel="nofollow noopener">Server Message Block (SMB)</a> protocol exploit called EternalBlue. While many researchers believe that the ransomware originated in Russia as a political attack, its exploit may have been stolen from the U.S. National Security Agency (NSA). </p>



<h2 class="wp-block-heading" id="h-wannacry">WannaCry</h2>



<p>WannaCry got its name from strings of code found in initial samples of the malware, but the name was apt because it made a lot of organizations want to shed tears of grief. The crypto-ransomware exploited an SMB vulnerability to infect countless hospitals, banks, and other companies globally, costing billions. Investigators later found that elements in North Korea were responsible for the malware. These are four pieces of ransomware with interesting names. To <a href="https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/" target="_blank" rel="nofollow noopener">protect your data</a> from any of them, use the most secure version of your operating system and invest in anti-malware technology with ransomware rollback capabilities.</p>



<p><strong>Suggested:</strong></p>



<p><a href="https://www.trickyenough.com/10-ways-protect-ransomware/" target="_blank" rel="noreferrer noopener">10 Ways to Protect Yourself from Ransomware</a>.</p>



<p><a href="https://www.trickyenough.com/security-good-antivirus/" target="_blank" rel="noreferrer noopener">What Security features must have in Good Antivirus</a>?</p>
</body></html>
]]></content:encoded>
					
					<wfw:commentRss>https://www.trickyenough.com/what-do-the-ransomware-names-mean/feed/</wfw:commentRss>
			<slash:comments>0</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">45992</post-id>	</item>
		<item>
		<title>Azorult, Dark Pulsar, Oceansalt, Oh My! New Malware to Watch out for</title>
		<link>https://www.trickyenough.com/azorult-dark-pulsar-oceansalt-malware-watch/?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=azorult-dark-pulsar-oceansalt-malware-watch</link>
					<comments>https://www.trickyenough.com/azorult-dark-pulsar-oceansalt-malware-watch/#comments</comments>
		
		<dc:creator><![CDATA[Robin Khokhar]]></dc:creator>
		<pubDate>Sat, 27 Oct 2018 10:41:59 +0000</pubDate>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Web]]></category>
		<category><![CDATA[Azorult]]></category>
		<category><![CDATA[Dark Pulsar]]></category>
		<category><![CDATA[malicious program]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[New Malware]]></category>
		<category><![CDATA[Oceansalt]]></category>
		<guid isPermaLink="false">https://www.trickyenough.com/?p=7832</guid>

					<description><![CDATA[<p>Some days, it seems like the web is a magical place, where you can find any information you need, buy any products you can imagine, reconnect with old friends and make new ones based on passions and interests. Then, other days you encounter malware, and the internet transforms into a dark, dreary and dangerous place....</p>
<p>The post <a href="https://www.trickyenough.com/azorult-dark-pulsar-oceansalt-malware-watch/">Azorult, Dark Pulsar, Oceansalt, Oh My! New Malware to Watch out for</a> appeared first on <a href="https://www.trickyenough.com">Tricky Enough</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Some days, it seems like the web is a magical place, where you can find any information you need, buy any products you can imagine, reconnect with old friends and make new ones based on passions and interests. Then, other days you encounter malware, and the internet transforms into a dark, dreary and dangerous place.</p>
<p>Indeed, the war against malware is anything but won; <a href="https://www.gdatasoftware.com/blog/2017/04/29666-malware-trends-2017" target="_blank" rel="noopener nofollow">according to one study</a>, a new variant of malware emerges every 4.6 seconds, meaning you still need the <a href="https://shop.trendmicro.com/Official-Site/">best internet protection on all your devices</a> if you want your data to stay safe. Considering the hordes of cybercriminals developing malicious software, it should hardly be surprising that you aren’t up-to-date on the latest and worst malware. Today, we’ll help you with that by explaining three big bugs lurking online.</p>
<h2 class="western">Azorult</h2>
<p>Admittedly, Azorult has been lurking online since 2016, but within the past few months, the virus has gotten a serious upgrade, making it more dangerous than ever. Sometimes written as AZORult, this Trojan finds its way onto victim devices like other Trojans do: by looking like an innocuous program. However, once installed, Azorult begins combing the device for valuable information its executors can use or sell.</p>
<p>Initially, Azorult seems to have been written for the express purpose of finding and taking payment card information as well as passwords saved in browsers, cookies, message and email history and files saved to the Desktop. However, <a href="https://www.zdnet.com/article/password-and-credit-card-stealing-azorult-malware-adds-new-tricks/" target="_blank" rel="noopener nofollow">this year its uses have expanded</a> even beyond these. In July 2018, a new variant was found for sale, advertising abilities like stealing browser history and theft of cryptocurrency wallets, which is particularly alarming to those users who bought into the Bitcoin boom earlier this year. Worse, Azorult has improved its encryption abilities, making it more difficult for authorities to identify perpetrators, and the <strong>malware</strong> can also use system proxies to hide from law enforcement.</p>
<p><strong>Suggested:</strong></p>
<p><a href="https://www.trickyenough.com/cybersecurity-vpn-money-online/" target="_blank" rel="noopener">VPN, cybersecurity and saving money online</a>.</p>
<p>Though Azorult can do much when it is installed on your devices, it isn’t any craftier than most malware at tricking you into downloading and executing the program. Thus, by being careful of where and what you download — and by installing a thorough antivirus scanner — you should be able to stay safe from this threat.</p>
<h2 class="western">DarkPulsar</h2>
<p>DarkPulsar is more often called an “<strong>implant</strong>” because it doesn’t represent the entirety of a piece of malware; rather, it is a module within a larger <strong>malicious program</strong> that improves hackers’ ability to execute and control the virus. Specifically, DarkPulsar is an administrative interface code used by malware designed to build backdoors into devices. Even when most of the malware is removed, DarkPulsar often remains behind, giving hackers continued access to victimized devices.</p>
<p>What makes DarkPulsar particularly nefarious is that it was likely developed by the U.S. National Security Agency (NSA). In the spring of 2017, a hacking organization called the Shadow Brokers published <a href="https://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch" target="_blank" rel="noopener">malicious code developed by the NSA</a>, including EternalBlue, which powered three of last year’s most devastating ransomware outbreaks: WannaCry, NotPetya and Bad Rabbit. Already, DarkPulsar has been used in malware that has found its way into dozens of devices, and a larger eruption could be imminent.</p>
<p>Currently, all attacks using DarkPulsar have been overseas and on devices using outdated operating systems. Still, should hackers using DarkPulsar turn their sights to American devices, you can again stay safe by maintaining high cyber hygiene and running your antivirus scan often.</p>
<h2 class="western">Oceansalt</h2>
<p><img fetchpriority="high" decoding="async" class="alignleft wp-image-7834 size-medium" src="https://www.trickyenough.com/wp-content/uploads/2018/10/tgvde-300x200.jpg" alt="Oceansalt" width="300" height="200" srcset="https://www.trickyenough.com/wp-content/uploads/2018/10/tgvde-300x200.jpg 300w, https://www.trickyenough.com/wp-content/uploads/2018/10/tgvde.jpg 710w" sizes="(max-width: 300px) 100vw, 300px" />In 2013, a Chinese hacking group gained immediate notoriety for its successful infiltration of more than 100 U.S. companies, resulting in the extraction of hundreds of terabytes of data before the group seemingly vanished into thin air. That group was known as APT1 — and their legacy lives on today in the form of a pernicious malware.</p>
<p>Specifically, a type of malware developed and used by APT1 much earlier, in 2010, is seeing new life around the web. This is surprising to most infosec professionals — not because the practice of reusing malware is uncommon (the repurposing of NSA-developed malware shows that hackers love lifting others’ code for their own designs) but rather because APT1’s malware was never released to the public, and it was never available on the black market. Though it can’t be said for certain, this strongly indicates that APT1, or rogue members of the hacking group, are once again active.</p>
<p>The remixed malware, which has been dubbed Oceansalt, has been used in spearphishing attacks. This means that unlike most malware, which floats around the internet waiting to attack anyone who downloads the infected program, Oceansalt was built and executed with specific targets in mind. The malware functions as a reconnaissance tool, sending information about activities back to hacking HQ. For now, it seems unlikely that you will become a victim of Oceansalt, but you might want to monitor the evolution of APT1’s code, which could be used in future malware attacks.</p>
<p><strong>Suggested:</strong></p>
<p><a href="https://www.trickyenough.com/mobile-app-security/" target="_blank" rel="noopener">Huge risks to mobile App security</a>.</p>
<p class="display-4 article-headline mb-3"><a href="https://www.trickyenough.com/how-to-delete-downloads-from-your-computers-and-pc/" target="_blank" rel="noopener">How To Delete Downloads From Your Computers And PC</a>?</p>
<p>Just when you think you are up-to-date on the latest and scariest malware, more malicious programs emerge. Hopefully, you come away from this article knowing more about the current threat landscape and equipped with new tools and tricks for staying safe online.</p>
]]></content:encoded>
					
					<wfw:commentRss>https://www.trickyenough.com/azorult-dark-pulsar-oceansalt-malware-watch/feed/</wfw:commentRss>
			<slash:comments>5</slash:comments>
		
		
		<post-id xmlns="com-wordpress:feed-additions:1">7832</post-id>	</item>
	</channel>
</rss>
