The second quarter of 2017 brought ransomware to unprecedented levels with worldwide outbreaks that went almost out of control. In scenarios reminiscent of yesteryear's worms, WannaCry created global panic as it used a critical vulnerability in the SMBv1 protocol to spread like wildfire.

Within hours, thousands upon thousands of machines in over 150 countries were infected and as investigations into the attacks went on, it was discovered that other threat actors had also been leveraging the leaked government-created exploits.

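Ransomware remains the most distributed type of malware, accounting for 70% of all threats in June with the likes of Cerber, Troldesh and Jaff. Interestingly, we witnessed other payloads delivered alongside ransomware, with users infected by Cerber, Kovter, Nymaim and Boaxxe at the same time.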

In this report, we will provide a quick update on the ransomware that does not want to die off, namely Locky, and also review the latest outbreak with the rebranded Petya that wreaked havoc in Ukraine and affected several multinational companies.

With all this ransomware buzz, we can’t forget about the “other threats” which, as a matter of fact, were also somewhat influenced by the aforementioned events. Malvertising was the major engine behind drive-by download attacks that leveraged various exploit kits, most notably RIG EK, Magnitude EK and Astrum EK.

We noted new and somewhat unexpected tech support scam campaigns, for instance ones using spam and fake Amazon notifications. Typically those come with malicious attachments, but in this instance they contained links that ultimately locked up the user’s browser and urged them to dial the so-called Microsoft technicians.

Finally, this report would not be complete without our usual researcher spotlight section, which features Jean-Philippe “Tinfoil Hat” Taggart.

Download the full report here

Thanks for reading and safe surfing!