Skip to content
Microsoft Secure

Ransomware operators are hiding malware deeper in installer packages

We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. The trend...

Read more

Ransomware: A declining nuisance or an evolving menace?

The volume of ransomware encounters is on a downward trend. Are we seeing the beginning of the end of this vicious threat? Unfortunately, a look at the attack vectors, the number of unique families released into the wild, and the improvements in malware code reveals otherwise. The trend towards increasingly sophisticated malware behavior, highlighted by...

Read more

Averting ransomware epidemics in corporate networks with Windows Defender ATP

Microsoft security researchers continue to observe ransomware campaigns blanketing the market and indiscriminately hitting potential targets. Unsurprisingly, these campaigns also continue to use email and the web as primary delivery mechanisms. Also, it appears that most corporate victims are simply caught by the wide nets cast by ransomware operators. Unlike cyberespionage groups, ransomware operators do...

Read more

Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series

Despite the disruption of Axpergle (Angler), which dominated the landscape in early 2016, exploit kits as a whole continued to be a threat to PCs running unpatched software. Some of the most prominent threats, from malvertising to ransomware, used exploit kits to infect millions of computers worldwide in 2016. The prevalence of exploit kits as...

Read more

No slowdown in Cerber ransomware activity as 2016 draws to a close

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices. Read our latest report: A worthy upgrade:...

Read more

Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware

As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?...

Read more

MSRT July 2016: Cerber ransomware

(Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.)   As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in...

Read more

The three heads of the Cerberus-like Cerber ransomware

(Note: Read our latest comprehensive report on ransomware: Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene.)   Early this month, we saw a new ransomware family that launches a three-prong attempt to get you to hand over your hard-earned cash. Called “Cerber” (it replaces file extensions with .cerber), we like to...

Read more