Author Archives: mbadmin

A new ransomware called CoinVault has been released

(via Bleeping Computer)

Another particularly nasty virus that blackmails you for your own files:

CoinVault is a new ransomware from the same family as CryptoGraphic Locker. Once infected, CoinVault will encrypt all of your data files and then demand a .7 bitcoin ransom to decrypt your files. If you do not pay the ransom within 24 hours, the ransom price will increase.

When you become infected with CoinVault it will configure itself to start automatically when you login to Windows by setting an autostart in the Registry called Vault. The application will then scan your drives for data files and encrypt any that are detected. It will store the path to each file it encrypts in the %Temp%\CoinVaultFileList.txt file.

(Forum Post)

Masque Attack — New iOS Vulnerability Allows Hackers to Replace Apps with Malware

(via The Hacker News)

A security flaw in Apple’s mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.
The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links.

(Full Article)

Koler Android Ransomware Learns to Spread via SMS

(via The Hacker News)

Users of Android operating system are warned of a new variant of Android malware Koler that spreads itself via text message and holds the victim’s infected mobile phone hostage until a ransom is paid.
Researchers observed the Koler Android ransomware Trojan, at the very first time, in May when the Trojan was distributed through certain pornographic websites under the guise of legitimate apps. It locks the victim’s mobile screen and then demands money from users with fake notifications from law enforcement agencies accusing users of viewing and storing child pornography.

 

(Full Article)

Ad-borne Cryptowall ransomware is on the loose

(via TheRegister)

Security watchers are warning of a surge in CryptoWall ransomware victims this month that will coincide with a campaign to spread a new variant of the malware though advertising networks.

Security researchers at Proofpoint warn that a new variant of CryptoWall recently spread through malicious banner ads. Surfers ran a risk of being faced with ransomware purely by visiting one of the impacted sites, which included various properties in the Yahoo!, Match.com, and AOL domains, among others.

(Full Article)

Updated CryptoWall 2.0 ransomware released that makes it harder to recover files

(via Bleepingcomputer.com)

This is a blackmail attempt for access to your files.   As always, it is best to have your important files backed up on a drive not connected to your PC.

A new version of the CryptoWall ransomware has been released titled CryptoWall 2.0 that includes numerous “enhancements” by the malware developer that resolve issues in the previous version. CryptoWall has been a huge threat for computer users and network administrators since it has been released as it will encrypt all local data and data found on network shares. CryptoWall 2.0 now includes changes that make it better for the malware developer and harder for a victim to recover their files for free. These changes include unique wallet IDs to send ransom payments, secure deletion of original unencrypted files, and the use of their own TOR gateway. These changes are further discussed below…

For more on Cryptowall, Bleepingcomputer has further details: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

(Forum Thread)