PetrWrap: A new Ransomware attack

Today, 27 June 2017, a massive ransomware attack, the PetrWrap variant of Ransomware/Petya, has been identified worldwide. First data revealed that the threat has been distributed in particular in Ukraine, Russia, Poland, Italy and Germany, and some sources also confirm infections in the USA, England, France, India and Spain.

Technical Analysis

PetrWrap is part of the ransomware malware macro-family, threats able to encrypt users' and organizations' …

Sorint.SEC at Security Summit Rome 2017

Sorint.SEC will be waiting for you in the exhibition area from 09:00 AM to 06:00 PM. We look forward to seeing you from 7th to 8th June at the Auditorium della Tecnica (Confindustria) in Rome. Stay tuned for further updates to the timetable.

7th - 8th June 2017
Auditorium della Tecnica - Viale Tupini, 65 - Rome (Italy)
Register Now!

Organizing Secretariat
tel +39 02 56566411
mail to info@astrea.pro
www.securitysummit.it
#securitysummit #CulturaAlSummit …

Massive Campaign Malware Eternalrocks

Yesterday, 22nd May 2017, a massive campaign of the EternalRocks malware was identified. At present, the real extent of the malware's spread is not known. EternalRocks appears to be an evolution of the WannaCry ransomware family, but this malware has been developed with the purpose of staying silent on victim systems. It uses a larger number of exploits to spread. In particular, it uses the SMB exploits ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY …

Possible Ransomware / Wannacry Decrypter

In the last few hours a decrypter tool has been released that is able to decrypt data encrypted by Ransomware/WannaCry. Below you can find the links for the tool and its release:

https://github.com/gentilkiwi/wanakiwi
https://github.com/gentilkiwi/wanakiwi/releases

The tool is able to decrypt data on the following operating systems:

Windows XP
Windows Server 2003
Windows Vista
Windows 7
Windows Server 2008

Decryption can be done only if the following conditions are met: the infected machine shouldn't have …

Massive Campaign Trojan / Bitcoinminer

In the last 2 days, thanks to our systems, we have been able to identify several massive campaigns with .zip attachments containing executable files (.exe) of the Trojan/Bitcoinminer malware family. The e-mails have the subject "Fattura TIM linea Fissa - Maggio 2017 - scadenza 06/05/2017" and a .zip attachment with the following MD5 hash: 9eb45190079e29de371b4993f76920f1. Once …

Ransomware / Cryptolocker

In the last couple of days we detected a high number of distribution campaigns for Ransomware/Cryptol0cker. The received files are in particular .js and .doc, and the e-mail subject has the prefix "Contratto" followed by 6 decimal digits: Contratto [XXXXXX]

Example:
Contratto 129917
Contratto 165738

The enclosed files have names with the following pattern:
[XXXXXX].doc
[XXXX].js

Example:
447095.doc
5044.js

The files download and execute Ransomware/Cryptol0cker from the following URL: hxxp://twentymind.tw/file/dew.fgh

The downloaded file has the following MD5: 6526CF077EA67E41F643F5357C20AFBC …

SKID: A New Javascript Backdoor

While analyzing a customer endpoint, we identified a new threat that exploits a recent Microsoft Windows exploitation technique, discovered in April 2016 and called "AppLocker Bypass". We named this threat "SKID", because inside the code there are many keywords with this name. Indicators of Compromise to detect compromised endpoints are provided.

APPLOCKER BYPASS - EXPLOITING TECHNIQUES

The …