Threat intelligence involves learning about new attacks, adversaries, campaigns, and malware families through distinct pieces of information often referred to as indicators of compromise, or IOCs. The more we m...
Unit 42 had a busy week! Researchers Robert Falcone and Jen Miller-Osborn observed a 9002 Trojan delivered using a combination of shortened links and a shared file hosted on Google Drive.
By mid-July 2016, the Afraidgate campaign stopped distributing CryptXXX ransomware. It is now distributing the ".zepto" variant of Locky. Afraidgate h...
Unit 42 found Andromeda malware targeting Italian users in recent spam campaigns, and shared a technical walkthrough of the Office Test persistence method used in recent Sofacy attacks. The team also discovered...
Unit 42 has recently discovered a new variant of PowerWare, also known as PoshCoder, imitating the popular Locky ransomware family. PoshCoder has been encrypting files with PowerShell since 2014, and the new va...
If 2015 was the year of the healthcare breach, 2016 is shaping up to be the year of ransomware. By this time last year, 105 healthcare breaches had been reported to the U.S. Department of Health and Human Servic...
We’ve rounded up all of the top Palo Alto Networks news from the past week right here. Unit 42 discussed Afraidgate, a major exploit kit campaign swapping Locky ransomware for CryptXXX. The team also highlighted...
In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransom...
Today we identified a new tool actively being used by the Locky ransomware family to evade detection and potentially infect endpoints. Unit 42 identified slight changes in Locky de...
The Palo Alto Networks threat intelligence team, Unit 42, observed Locky ransomware installed through nuclear exploit kits. Our researchers also examined the campaign evolution of Darkleech to pseudo-Darkleech...
In February 2016, Unit 42 published detailed analysis of Locky ransomware. We certainly weren’t the only ones who saw this malware, and many others have also reported on it. Since that time, Locky has been freq...
Unit 42 observed Locky, a new ransomware that mimics Dridex-style distribution. They also discovered a new Android Trojan “Xbot” that phishes credit cards and bank accounts, and encrypts devices for ransom.
Ransomware persists as one of the top crimeware threats thus far into 2016. While the use of document-based macros for ransomware distribution remains relatively uncommon, a new family calling itself "Locky" ha...