Cybereason Has Intercepted a New Ransomware Operation

Prnewswire.com reported on 8th July, 2015 that Cybereason, a security firm, had announced the discovery of a massive ransomware operation, which it has named "Operation Kofer".

"Operation Kofer" relies on commonly used payloads but changes the way the ransomware is delivered and packaged in order to avoid detection. To an inexperienced eye, the variants the group creates might look unrelated, especially if they are not analyzed together.

Kofer generates a new variant for every target using an automated algorithm, which allows the malware to elude signature-based detection and sandbox detection.

SCMagazine.com published news on 8th July, 2015 quoting Uri Sternfeld, Senior Security Researcher of Cybereason, as saying: "Operation Kofer has developed a way to take the present (ransomware) tools and package them in a way which can attack continuously and even sometimes the same victim with numerous variations. So, even if (organisations) catch one variant, they will not be able to catch another."

For example, one variant might arrive in the initial phishing email as an attached .scr file disguised as a resume and displaying an Adobe PDF document icon. Another variant might also use the PDF icon, but with a different file name and different ransomware.

It is not exactly clear how the Kofer operation has spread so widely, but researchers say they have seen variants targeting Polish, Spanish, Turkish and Swiss organisations, among others, suggesting that it may be a Euro-centric threat.

The idea of a ransomware crew constantly changing its techniques to alter the footprint of its malware is somewhat new.
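Because each variant carries a different file name and payload, a mail-gateway check keyed on the delivery trait (an executable attachment) holds up where a per-file signature does not. The following is an added example, not code from Cybereason or the original article; the function names, extension list and sample messages are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs as programs; .scr is the one named in the article.
# The rest of the list is an assumption for this example.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}

def flag_attachments(raw_bytes):
    """Return [(filename, reasons)] for attachments that are really executables."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Only the final extension decides how Windows opens the file,
        # so "CV.pdf.scr" is treated as .scr.
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension " + ext)
        # Windows executables start with the two bytes "MZ", whatever the name or icon.
        if payload[:2] == b"MZ":
            reasons.append("PE header (MZ) in content")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample(filename, content):
    """Build a constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["Subject"] = "Job application"
    m["From"] = "applicant@example.com"
    m["To"] = "hr@example.com"
    m.set_content("Please find my resume attached.")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("Resume_John.scr", b"MZ" + b"\x00" * 64),   # constructed variant 1
        build_sample("CV-2015.pdf.scr", b"MZ" + b"\x01" * 80),   # constructed variant 2
        build_sample("Resume.pdf", b"%PDF-1.4\n"),               # benign document
    ]
    for raw in samples:
        print(flag_attachments(raw) or "clean")
```

Both constructed variants are flagged even though their names and bytes differ, while the genuine PDF passes.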

Threatpost.com published news on 8th July, 2015 quoting Sternfeld as saying: "In fact, if the versions of Kofer are coming from a single source, then this can indicate commoditization of the ransomware at a completely new scale."

Prnewswire.com published news on 8th July, 2015 quoting Sternfeld as saying: "To minimize the effect of ransomware, our best suggestion is to run frequent backups using an external drive, usage of endpoint monitoring and detection technologies to restrict the scope of such attacks."

Unfortunately, ransomware has been surfacing at a rapid pace this year. Teslacrypt, a strain of ransomware that targets gamers, has evolved over the last few months, along with new campaigns spreading through spam, malvertising and exploit kits such as RIG, Magnitude and Angler.

» SPAMfighter News - 7/22/2015
