Starting October 19, 2017, the actors behind Locky distribution started using a new loader to drop their Ransomware. The new loader has been dubbed QTLoader or QTBot based on some strings and registry keys used by the malware. The use of the so-called QTLoader coincided with the adoption of the DDE AUTO feature of Office…
The actors behind the Locky Ransomware family have adopted the recent highly publicized Dynamic Data Exchange (DDE) protocol vulnerability to deliver their malware. The DDE technique has been around for some time, but it was recently brought to attention by the people over at SensePost on October 9, 2017. The technique essentially allows for code…
On Friday May 12, 2017, version 2.0 of the WannaCry (WanaCry) Ransomware generated global interest due to infecting a number of systems in high profile government institutions across the globe including the NHS, Russian Interior Ministry, FedEx, the Russian Police, one of the largest cellphone operators in Russia (MegaFon), and the Frankfurt S-Bahn. The malware…