This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story
 

12/10/2019

Updated Ryuk Ransomware Decryptor Could Damage Larger Files

The State of Security

Attackers provided victims who paid with an updated Ryuk ransomware decryptor that could potentially damage their larger files.

Emsisoft found that malicious actors had added numerous new features to Ryuk ransomware over the past year.

In a lesser-known case, attackers gave Ryuk the ability to partially encrypt files that exceeded 54.4 MB in size. This update helped newer variants of the ransomware save time in their encryption process so that they could affect all relevant data before the victim notices.

Partially encrypted files demonstrate an unusual footer at the end of the file, which is where Ryuk’s Hermes file marker stores its RSA-encrypted AES key. This location also usually contains an indicator that shows how many 1,000,000-byte blocks are encrypted by the threat.

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information