Tag Archives: Palo Alto

Resource updates: April 5th-7th 2018

Updates to Anti-Social Media

Updates to Cryptocurrency/Crypto-mining News and Resources

Updates to Meltdown/Spectre – Related Resources

Only distantly related, but…

Updates to Specific Ransomware Families and Types

[3rd April 2018] Peter Kálnai and Anton Cherepanov for ESET: Lazarus KillDisks Central American casino – “The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets.”

Updates to Mac Virus


David Harley


Blank Slate, Blank Cheque

Brad Duncan for Palo Alto: “Blank Slate” Campaign Takes Advantage of Hosting Providers to Spread Ransomware.

Palo Alto call it ‘Blank Slate’ because the malicious attachment is distributed via a blank email (spoofed sender and no message content).

The campaign apparently distributes primarily Cerber, but also Sage 2.0 and Locky.

David Harley

Decrypter for Locky-imitating PowerWare

Zeljka Zorz reports for Help Net Security: Decrypter for Locky-mimicking PowerWare ransomware released – Palo Alto Networks’ researchers have created a decrypter for the variant of the PoshCoder ransomware that imitates the Locky ransomware. Josh Grunzweig’s decryptor is a Python script available here.

Zeljka points out ‘They can try following these instructions on Python.com on how to run a Python script on Windows, or ask someone more knowledgeable to help them clean their machine up.’

Added to the relevant resources page here.

David Harley

KeRanger OS X ransomware campaign

[Updated 7th March 2016:

According to a ComputerWorld story (and confirmed elsewhere), Apple has revoked the certificate of the compromised version of the BitTorrent client Transmission and updated XProtect.]

Palo Alto reported on March 6th that New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer: they believe this to be ‘the first fully functional ransomware seen on the OS X platform.’ At any rate, it looks like a capable piece of malware. According to fortune.com, Palo Alto plans ‘to release a blog advising Mac users on ways to check to see if they were infected with the virus and steps they can take to protect against it harming their data’.

Info also added to the Mac Virus blog and the AVIEN ransomware resource page. More info as the story develops, if time allows.