SANS Internet Storm Center, InfoCON: green

Syndicate content SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Updated: 55 min 34 sec ago

ISC Stormcast For Monday, June 27th 2016 http://isc.sans.edu/podcastdetail.html?id=5057, (Mon, Jun 27th)

2 hours 32 min ago
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Bart - a new Ransomware, (Sun, Jun 26th)

Sun, 2016/06/26 - 19:27
Phishme is reporting the discovery of a new ransomwarewhich its creators have named Bart. Bart shares several commonalities with the Locky ransomware. Bart is delivered by thesame downloader, RockLoader. The payment site baresa striking resemblance to the Locky page. But Bart also deviates from Locky in other ways. The ransom is much higher, 3 Bitcoins,approximately $2000. But probably the most striking difference is that unlike most ransomware variants Bart does not require a command and control to facilitate the encryption and in fact looks like it has no command and control capability. Bart does not utilize the complex public-private key or symmetric encryption methods that have become common in ransomware. Instead it stores the encrypted files in password protected zip files, and utilizes a victim id and a tor-based payment website to facilitate decryption. Unfortunately, no decrpyter is yet available. More information on Bart can be found at the Phishme website. -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts