Tag Archives: Heimdal Security

Heimdal’s Anti-Ransomware Guide

There are plenty of articles offering guidance on preventing or dealing with ransomware, but this one has a good list of decryption tools, so well worth a look.

Ana Dascalesu for Heimdal: Ransomware Decryption Tools – Unlock Your Data for Free

“These free tools will help you decode your data without paying the ransom”

David Harley

Ransomware Updates (2)

(1) Action Fraud article about DDoS extortion threats by a hacking group: Online extortion demands affecting businesses. Commentary by SC Magazine: Action Fraud warns of new wave of Lizard Squad DDoS attacks.

(2) Catalin Cimpanu for Softpedia: Decrypter for Alpha Ransomware Lets Victims Recover Files for Free.

(3) CryptoMix: ransomware that makes the ludicrous claim that the 5 bitcoin ransom will be paid to a children’s charity. Related to CryptoWall 4.0 and CryptXXX: no free decrypter currently available.

David Harley

Pony, Angler, Cryptowall ransomware

Another article from Zeljka Zorz for Help Net Security: A deadly campaign delivers Pony info-stealer followed by Cryptowall ransomware, based on an article from Heimdal Security’s Andra Zaharia. The data stealer Pony is installed on the victim’s PC and forwards credentials to the attackers’ C&C (Command & Control) servers. These username/password combinations are used to compromise legitimate servers by injecting a malicious script, which sends victims to other sites serving the Angler exploit kit (EK). Cryptowall 4.0 is then installed on vulnerable systems.

Another article at Heimdal – The Evolution of Ransomware: Is Cryptowall 5.0 Around the Corner? – looks at the ransomware business model and speculates a little on how future versions of Cryptowall might be ‘improved’.

David Harley