How to recover files encrypted by BadRabbit ransomware?

Researchers at Kaspersky Lab have discovered that some victims may be able to recover their files without paying any ransom. The discovery was made by researchers who analyzed the encryption functionality implemented by the ransomware: Bad Rabbit leverages the open source library DiskCryptor in order to encrypt the user files, but uses the same screen…

A Petya Ransomware variant that uses the EternalBlue exploit starts from Ukraine and spreading…

What we know so far? UPDATE: We have a local vaccine. New ransomware has started spreading in Ukraine and has shut down a lot of critical infrastructure (hospitals, airport, banks and power plants). Some reports are also coming from Italy, Germany and Spain. Early comments on VirusTotal indicate the usage of the EternalBlue exploit: When started, the malware clears the windows…

WannaCry Ransomware: What we know so far

A press review, constantly updated (last update: 20170515 10:00). How does it work? Once WannaCry infects a PC behind the firewall, it can move laterally within networks and self-propagate to other systems, scanning and identifying systems with ports 139 and 445 open, listening to inbound connections, and heavily scanning over TCP port 445 (Server Message Block/SMB), which allows…

A new infection vector for ransomware: malicious SVG images via Facebook Messenger

The campaign spreads the Nemucod downloader. If you receive any Facebook message with an .SVG image file, just avoid clicking it: a malicious campaign is spreading a ransomware downloader (Nemucod) among Facebook users by taking advantage of an innocent-looking SVG image file to infect computers. The campaign was discovered by malware researchers Bart Blazen and Peter Kruse,…