ransomware

  1. AA20-106A: Guidance on the North Korean Cyber Threat

    Original release date: April 14, 2020 | Last revised: April 15, 2020 Summary The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international...
  2. AA20-099A: COVID-19 Exploited by Malicious Cyber Actors

    Original release date: April 8, 2020 Summary This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). This alert provides information on...
  3. VIDEO AA20-049A: Ransomware Impacting Pipeline Operations

    Original release date: February 18, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) framework. See the MITRE ATT&CK for Enterprise and Link Removed frameworks for all referenced threat actor techniques and mitigations. CISA...
  4. AA19-339A: Dridex Malware

    Original release date: December 5, 2019 Summary This Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share...
  5. Customer Guidance for the Dopplepaymer Ransomware

    Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information circulating about Microsoft Teams, along with references to RDP (BlueKeep), as ways in which this malware spreads. Our security research teams have investigated...
  6. Windows 10 Malware, Ransomware and Bit-locker Security.

    Hi. I recently lost 100,000 personal pictures and a lot of music I wrote for many years. I lost it to a ransomware, with a DOCM extension. I looked online and it said it was new and the encryption was done repeatedly up to 10 times deep. I happened to have ALL my backup usb hard drives attached...
  7. How Ransomware and AI Are Making Tape Backup More Viable

    As ransomware gets smarter and the use of AI increases, tape-based backup offers some security and budget relief.
  8. AA18-337A: SamSam Ransomware

    Original release date: December 03, 2018 Summary The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam...
  9. system restore

    When I tried to run this with 1803 it said the probable cause was an a/v interfering. I only have MBAM so I disabled it by right clicking and selecting "quit". When I ran system restore again the same thing happened. Can Windows be working against itself so I should disable ransomware etc.? I...
  10. Windows 10 Strange happenings in a new Win10 install

    Just did a new PC build and have been forced to upgrade to Win10, --- Not a happy camper, but resigned to it. A few days ago I began getting this every time the OS is loaded: Then, I found this on one of my data drives about the same time: There has been nothing to indicate a ransomware...
  11. Hide backup drives from malware

    I have implemented a method to 'hide' external USB backup drives from Windows. The process works as follows: - use Device Manager to determine the Hardware ID or Parent ID of the USB drive - label the USB drive appropriately - create a script to invoke Removedrive (freeware by Uwe Sieber) with...
  12. TA17-181A: Petya Ransomware

    Original release date: July 01, 2017 | Last revised: July 28, 2017 Systems Affected Microsoft Windows operating systems Overview This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center's (NCCIC) analysis of the "NotPetya" malware variant. The...
  13. TA17-132A: Indicators Associated With WannaCry Ransomware

    Original release date: May 12, 2017 | Last revised: May 19, 2017 Systems Affected Microsoft Windows operating systems Overview According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in...
  14. TA16-336A: Avalanche (crimeware-as-a-service infrastructure)

    Original release date: December 01, 2016 | Last revised: December 14, 2016 Systems Affected Microsoft Windows Overview “Avalanche” refers to a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes...
  15. Windows 7 Windows updates NOT Compaq laptop

    I have an older laptop that I try to keep secure with windows updates. Especially in the wake of all these ransomware attacks. When new updates are issued on my desktop, I check the laptop to see if it will be getting same. Never happens. When I go to my security menu and ask for windows...
  16. TA17-181A: Petya Ransomware

    Original release date: July 01, 2017 Systems Affected Microsoft Windows operating systems Overview On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected...
  17. Update on Petya malware attacks

    As happened recently with WannaCrypt, we again face a malicious attack in the form of ransomware, Petya. In early reports, there was a lot of conflicting information reported on the attacks, including conflation of unrelated and misleading pieces of data, so Microsoft teams mobilized to...
  18. Info on today's Petya-based worldwide attack

    A modification of the Petya ransomware is making the rounds today, and our threat labs shares information on the background of this variant, how it's infecting machines (the same exploit as WannaCry) and how to stay safe. We've blocked ~12,000 malware attacks today utilizing this exploit and...
  19. Windows 7 Cannot Access XP from Windows 7/8 after updating windows update MS17-010

    Hello guys...! We use various OS such as Windows XP, Windows 7, Windows 8 in our office. In the beginning there's no networking problem, Windows XP can access to higher Windows, and Windows 7/8 can access Windows XP. Everything's fine until installing windows update MS17-010 on last Monday for...
  20. Windows 10 Questions - Eliminating Ransomware

    I'm trying to understand the nature of virus/malware/ransomware to better apply my backup strategies. So here are some questions I have: Question Scenario #1 - Let's say I have 2 internal hard drives connected to my PC. One with Windows10 installed and the other one with Linux installed. I use...