ThreatFeed
Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tag: ransomware

2018-06-05

The Evolution of GandCrab Ransomware

[Editor’s Note: This post was updated on July 9th, 2018 with analysis of Gandcrab v4] Like legitimate commercial software, commercial malware also needs a viable business model. For ransomware, the most popular business model is now Ransomware-as-a-Service (RaaS). RaaS focuses on selling ransomware as an easy-to-use service, opening up a
Read More
2018-03-07

VMRay Malware Analysis Report Recap – February 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past February, our team analyzed Black Ruby ransomware, Cobalt Strike Beacon and a Javascript file attempting to detect VMs via the registry.

Read More
2018-02-07
VMRay Malware Analysis Report Recap – February 2018

VMRay Malware Analysis Report Recap – January 2018

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past January, our team analyzed a variant of BigEyes/Lime ransomware, GandCrab ransomware and Lotus Blossom malspam. Click the links below to jump
Read More
2018-01-09

VMRay Malware Analysis Report Recap – December ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past December, our team analyzed a variant of Globeimposter ransomware, a Windows Script File (WSF) that downloads a payload to set-up a
Read More
2017-12-05

VMRay Malware Analysis Report Recap – November ’17

Welcome to the VMRay Malware Analysis Report Recap. Every month our Research Team provides a recap of the malware analysis reports posted to the VMRay Twitter account. This past November, our team analyzed a malicious Javascript file, the Ordinypt wiper, and a variant of the XZZX Cryptomix ransomware. Click the
Read More
2017-10-18

DDE Ransomware in a Macro-less Word Document

Malware Family: Vortex SHA256 Hash Value: bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9 View the Full VMRay Analyzer Report Macros in Microsoft Office have been used extensively by malware authors as a mechanism to download and execute a malicious payload on a system. Defensive measures introduced by Microsoft such as disabling macros by default have not
Read More
2017-07-14

Petya/NotPetya/ExPetr Cyber Attack is More Wiper Than Ransomware

Malware Family: (Not)Petya Hash Value SHA256: 027cc450ef5f8c5f653329641ec1fed 91f694e0d229928963b30f6b0d7d3a745 View the Full Petya Analysis Report According to Microsoft, the Petya (also referred to as NotPetya/ExPetr) Ransomware attack started its initial infection through a compromise at the Ukrainian company M.E.Doc, a developer of tax accounting software. We took a closer look and
Read More
2017-05-17
Jaff Ransomware Hiding in a PDF document

Jaff Ransomware Hiding in a PDF document

The challenge for a malware author today has more to do with creativity than a deep technical understanding. There are plenty of good trojan building tools out there to make the job easier. But once the author has a finished creation, the big challenge is how to get the finished
Read More
2017-05-15
Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

Wanna Decryptor Worm Spreads Over MS17-010 Vulnerability

About one month ago, the Shadow Brokers hacker group published a set of NSA hacking tools, that included zero-day exploits. One of these exploits is known as the ETERNALBLUE Server Message Block Protocol (SMB) vulnerability (MS17-010). It was only a matter of time before the inevitable happened. A malware author
Read More
2017-05-09

Anti-Sandboxing Techniques in Cerber Ransomware Can’t Detect VMRay Analyzer

A new variant of Cerber ransomware is in the wild and has built-in anti-sandbox tools to detect hooking-based sandbox environments, as explained in this article by Cyphort. The limitations of a hooking-based approach, where a driver is injected into the target environment and ‘hooks’ API calls, allow the malware to
Read More

Uncover the truth of Cybersecurity, one story at a time

Keep up to date with our weekly digest of articles. Get the latest news, invites to events, and threat alerts!

Subscribe to our Newsletter

Subscribe to our Newsletter:

Linkedin-in Youtube Facebook-f

Solutions

Products

Why VMRay

Resources

Missed the headlines?

We’re featured in:

image 15
image 16
image 17
image 18
© Copyright 2013-2025 VMRay

ThreatFeed

Linkedin-in Youtube Facebook-f
VMRay Pricing
Try VMRay

Tech Insights Deep Dive of April:
Detection Strategies & Operational Excellence

join VMRay for two powerhouse webinars designed to sharpen your threat detection and response capabilities — featuring a special joint session with Red Canary:

Live session's over. Watch the on-demand video to learn how VMRay and Red Canary combine forces to deliver faster, smarter threat detection!

Watch The Video

Learn how to cut phishing triage time with automated detonation and deep analysis — quickly uncover threats while improving response accuracy!

Watch The Video