CYREN Security Blog




Locky Returns After 22 Day Break with Sandbox Evasion Techniques

by Maharlito Aquino

There has been much speculation in the Internet Security industry about the status of Locky – the ransomware heavyweight of February-May 2016 which suddenly ceased distribution at the start of June. As we previously reported, Locky was distributed in vast email outbreaks, many times exceeding 10 billion emails/day and often with hundreds of thousands of variants.

This article discusses the current theories for the sudden drop...

Corporate Crime and Hospital Hacks - Locky Shuts Down Businesses

by Simone Leyendecker

Filed under Security Research & Analysis, Web Security.

Viral pandemics are certainly cause for a hospital to declare a “state of emergency.” But in the case of Methodist Hospital in Kentucky, the virus that caused the “internal state of emergency” didn’t relate to hundreds of patient-filled stretchers...

In this instance, Locky had infected the hospital’s entire computer system, forcing the hospital to pay four bitcoins (approximately $1,600) to obtain the decryption key!

Bitcoin Phishing Targets Users via Google AdWords

by Avi Turiel

As we have pointed out several times, cybercrime is a business, and running a malware or phishing campaign does require some financial investment by the bad actors. Rental of botnets, purchase of exploit kits, and acquisition of compromised site lists are all expenses that need to be covered by the campaign.

A recent phishing attack detected by CYREN clearly shows this investment, as the attack vector is pay-per-click advertising via Google AdWords.

CYREN's May 2016 Cyberthreat Report - Overview

by Lior Kohavi

Filed under Cyberthreat Report, Security Research & Analysis.

Over the last few years, we’ve repeatedly reported on the fact that cybercriminals are stealthy, smart, and sophisticated. They’re building global organized cybercrime syndicates and, with one simple piece of malware, can generate millions of dollars in just a few days. Like any aggressive business, they’re capable of altering their tactics to adapt to changing business and technical environments.

CYREN just released its May 2016 Cyberthreat Report. This article gives an overview of the most important learnings and the most dangerous cyberthreat examples, such as Locky ransomware...


Ransomware — Protect Yourself or Pay

by Dan Maier

Filed under Email Security, Phishing, Ransomware, Web Security.

Ransomware has surged dramatically this year with the launch of a new variant called “Locky.” Delivered via massive malicious spam blasts (malspam), Locky represented 40% of all malware distributed worldwide during the first quarter of 2016.

And as these attacks have become more sophisticated, attackers are increasingly targeting businesses and organizations that have deeper pockets. So far, law enforcement has been helpless to stop these threats, IT teams are struggling and failing to protect their organizations, and attackers are raking in the money.