
Ransomware Brings Mexico Petrol Company to a Standstill

Early Monday morning, Pemex, Mexico’s state petroleum company, was hit with ransomware, bringing several critical systems to a halt. While early news reports attributed the attack to Ryuk, an investigation of the binaries by several researchers, including Vitali Kremez, found that it was carried out using DoppelPaymer, a BitPaymer lookalike. The actors behind this attack are demanding a ransom of $5 million at the end of November.

Analyst Notes

Because DoppelPaymer is typically distributed through email-borne malware such as Dridex, practicing safe internet habits, such as not running macros from untrusted sources, is a good way to stay safe from this ransomware. Additionally, performing frequent backups that are stored in a location isolated from the rest of the network (such as physical backups) will allow recovery of files without paying a ransom.

Sources: https://www.virustotal.com/gui/file/f77b3069cc28b8c4edbfff935dc83ee701821e529a509da7f157b5de52b39863/details