Malware

How to remove malware

Follow these three easy steps to remove malware from your device.

1. Download and install a good cybersecurity program. As it happens, Malwarebytes has programs for every platform we’ve discussed in this article: Windows, Mac, Android, and Chromebook.

2. Run a scan using your new program. Even if you don’t opt for Malwarebytes Premium, the free version of Malwarebytes is still great at removing malware. The free version, however, does not proactively stop threats from getting on your system in the first place.

If your iPhone or iPad is infected with malware (as improbable as that may be). Things are a little trickier. Apple does not permit scans of either the device’s system or other files, though Malwarebytes for iOS, for example, will screen and block scam calls and texts. Your only option is to wipe your phone with a factory reset, then restore it from your backup in iCloud or iTunes. If you didn’t backup your phone, then you’re starting over from scratch.

Advancements in Antivirus Software & Cybersecurity

Two relatively new forms of malware have helped drive the advancement of signature-less detection methods: exploits and ransomware. Though these threats are similar to others in many ways, they can be much harder to detect. Furthermore, once your computer is infected, these threats can be almost impossible to remove.

Exploits get their name because they literally exploit vulnerabilities in a system, software, or web browser in order to install malicious code in a variety of ways. Anti-exploit measures were developed as a shield against this method of attack, protecting against Flash exploits and browser weaknesses, including new exploits that have not been identified or vulnerabilities for which patches have not yet been created.

Ransomware emerged on the malware scene to spectacular effect in 2013. Ransomware made a name for itself by hijacking and encrypting computer data, and then extorting payments as it held the data hostage. and even threatened to erase it if a deadline passed without payment. Originally, both these threats resulted in the development of dedicated anti-exploit and anti-ransomware products.

In December 2016, Malwarebytes folded anti-exploit and malicious website antivirus protection into the premium version of Malwarebytes for Windows. We have since added anti-ransomware for even more advanced anti-malware protection.

What’s the difference between antivirus and anti-malware?

For the most part, antivirus software and anti-malware software are the same things. They both refer to computer security software designed to detect, protect against, and remove malicious software. Contrary to what the name might suggest, antivirus software protects against more than viruses — it just uses a slightly antiquated name to describe what it does.

Anti-malware software is also designed to protect against viruses; it just uses a more modern name that encompasses all kinds of malicious software, including viruses. That being said, anti-malware can stop an online viral infection from happening and remove infected files. However, anti-malware isn’t necessarily equipped to restore files that have been changed or replaced by a virus. Both antivirus software and anti-malware fall under the broader term «cybersecurity.”

How does anti-malware work?

The old school method of signature-based threat detection is effective to a degree, but modern anti-malware also detects threats using newer methods that look for malicious behavior. To put it another way, signature-based detection is a bit like looking for a criminal’s fingerprints. It’s a great way to identify a threat, but only if you know what their fingerprints look like. Modern anti-malware takes detection a step further so it can identify threats it has never seen before. By analyzing a program’s structure and behavior, it can detect suspicious activity. Keeping with the analogy, it’s a bit like noticing that one person always hangs out in the same places as known criminals and has a lock pick in his pocket.

This newer, more effective cybersecurity technology is called heuristic analysis. “Heuristics” is a term researchers coined for a strategy that detects threats by analyzing the program’s structure, its behavior, and other attributes.

Each time a heuristic anti-malware program scans an executable file, it scrutinizes the program’s overall structure, programming logic, and data. All the while, it looks for things like unusual instructions or junk code. In this way, it assesses the likelihood that the program contains malware. What’s more, a big plus for heuristics is its ability to detect malware in files and boot records before the malware has a chance to run and infect your computer. In other words, heuristics-enabled anti-malware is proactive, not reactive.

Some anti-malware products can also run the suspected malware in a sandbox, which is a controlled environment in which the security software can determine whether a program is safe to deploy or not. Running malware in a sandbox lets the anti-malware look at what the software does, the actions it performs, and whether it tries to hide itself or compromise your computer.

Another way heuristic analytics helps keep users safe is by analyzing web page characteristics in order to identify risky sites that might contain exploits. If it recognizes something fishy, it blocks the site.

In brief, signature-based anti-malware is like a bouncer at the nightclub door, carrying a thick book of mug shots and booting anyone that matches. Heuristic analysis is the bouncer who looks for suspicious behavior, pats people down, and sends home the ones carrying a weapon.

“Heuristics is a term researchers coined for a strategy that detects viruses by analyzing the program’s structure, its behavior, and other attributes.”

Распространенные сообщения об ошибках в mbam.exe

Наиболее распространенные ошибки mbam.exe, которые могут возникнуть:

• «Ошибка приложения mbam.exe.»
• «Ошибка mbam.exe».
• «Возникла ошибка в приложении mbam.exe. Приложение будет закрыто. Приносим извинения за неудобства».
• «mbam.exe не является допустимым приложением Win32».
• «mbam.exe не запущен».
• «mbam.exe не найден».
• «Не удается найти mbam.exe».
• «Ошибка запуска программы: mbam.exe».
• «Неверный путь к приложению: mbam.exe.»

Эти сообщения об ошибках .exe могут появляться во время установки программы, во время выполнения связанной с ней программы, защиты от вредоносных программ Malwarebytes, при запуске или завершении работы Windows или даже во время установки операционной системы Windows

Отслеживание момента появления ошибки mbam.exe является важной информацией, когда дело доходит до устранения неполадок

How do I protect myself from ransomware?

Security experts agree that the best way to protect from ransomware is to prevent it from happening in the first place.

While there are methods to deal with a ransomware infection, they are imperfect solutions at best, and often require much more technical skill than the average computer user. So here’s what we recommend people do in order to avoid fallout from ransomware attacks.

The first step in ransomware prevention is to invest in awesome cybersecurity—a program with real-time protection that’s designed to thwart advanced malware attacks such as ransomware. You should also look out for features that will both shield vulnerable programs from threats (an anti-exploit technology) as well as block ransomware from holding files hostage (an anti-ransomware component). Customers who were using the premium version of Malwarebytes for Windows, for example, were protected from all of the major ransomware attacks of 2017.

Next, as much as it may pain you, you need to create secure backups of your data on a regular basis. Our recommendation is to use cloud storage that includes high-level encryption and multiple-factor authentication. However, you can purchase USBs or an external hard drive where you can save new or updated files—just be sure to physically disconnect the devices from your computer after backing up, otherwise they can become infected with ransomware, too.

Then, be sure your systems and software are updated. The WannaCry ransomware outbreak took advantage of a vulnerability in Microsoft software. While the company had released a patch for the security loophole back in March 2017, many folks didn’t install the update—which left them open to attack. We get that it’s hard to stay on top of an ever-growing list of updates from an ever-growing list of software and applications used in your daily life. That’s why we recommend changing your settings to enable automatic updating.

Finally, stay informed. One of the most common ways that computers are infected with ransomware is through social engineering. Educate yourself (and your employees if you’re a business owner) on how to detect malspam, suspicious websites, and other scams. And above all else, exercise common sense. If it seems suspect, it probably is.

Mobile spyware

Also, it’s not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer organization through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device.

Spyware breaches on smartphones commonly occur in three ways:

• Unsecured free wi-fi, which is common in public places such as airports and cafes. If you log onto an unsecured network, the bad guys can see everything you do while connected. Pay attention to warning messages your device may give you, especially if it indicates that the server identity cannot be verified. Protect yourself by avoiding such unsecured connections.
• Operating system (OS) flaws, which open up exploits that could let attackers infect a mobile device. Smartphone manufacturers frequently release OS updates to protect users, which is why you should install updates as soon as they are available (and before hackers try to infect out-of-date devices).
• Malicious apps, which hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of an app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information. Bottom line: It’s best to stick to trusted sources for mobile apps and avoid any third-party apps.

Do mobile devices get malware?

Malware criminals love the mobile market. After all, smartphones are sophisticated, complex handheld computers. They also offer an entrance into a treasure trove of personal information, financial details, and all manner of valuable data for those seeking to make a dishonest dollar.

The fact is, it’s a huge market (read: target). The GSMA, a trade body that represents mobile carriers, puts the number of mobile device users somewhere over 5 billion, worldwide. A quarter of these users own more than one device. Fraudsters find the mobile market very attractive and take advantage of a gigantic economy of scale to leverage their efforts.

Mobile users are often easier to target as well. Most do not protect their phones as diligently as they do their computers, failing to install security software or keep their operating systems up to date. It’s not entirely our fault. Apple, on average, supports their phones—meaning you can download the latest iOS—five years after the launch date. Android phones can be updated for about three years.

Infected mobile devices are a particularly insidious danger compared to a PC. Ironically, the “personal computer” isn’t personal anymore. Phones, conversely, go with us everywhere. As a society we’ve become so attached to our phones that there’s now an actual word for the fear we experience when we don’t have our phones: Nomophobia.

A hacked microphone and camera can record everything you see and say. A hacked GPS can broadcast your every move. Even worse, mobile malware can be used to evade the multi-factor authentication (MFA) many apps use to keep our data secure.

“The more popular Android platform attracts more malware than the iPhone.”

Keep in mind that cheap phones can come with malware pre-installed, which can be difficult to remove (Malwarebytes for Android is a big help here).

Regarding the mobile malware ecosystem, the two most prevalent smartphone operating systems are Google’s Android and Apple’s iOS. Android leads the market with 76 percent of all smartphone sales, followed by iOS with 22 percent of all smartphones sold. No big surprise then that the more popular Android platform attracts more malware than the iPhone. Let’s look at them each separately.

All about spyware

When you go online, don’t assume that your privacy is secure. Prying eyes often follow your activity—and your personal information—with a pervasive form of malicious software called spyware. In fact, it’s one of the oldest and most widespread threats on the Internet, secretly infecting your computer in order to initiate a variety of illegal activities, including identity theft or a data breach. It’s easy to fall prey to and can be hard to get rid of, especially since you’re most likely not even aware of it. But relax; we’ve got your back with all you need to know about what spyware is, how you get it, what it tries to do to you, how to deal with it, and what to do to avoid future spyware attacks.

Это mbam.exe безопасно, или это вирус или вредоносная программа?

Первое, что поможет вам определить, является ли конкретный файл законным процессом Windows или вирусом, — это расположение самого исполняемого файла. Например, такой процесс, как mbam.exe, должен запускаться из C: \ Program Files \ Malwarebytes ‘Anti-Malware \ mbam.exe, а не где-либо еще.

Для подтверждения откройте диспетчер задач, выберите «Просмотр» -> «Выбрать столбцы» и выберите «Имя пути к изображению», чтобы добавить столбец местоположения в диспетчер задач. Если вы обнаружите здесь подозрительный каталог, возможно, стоит дополнительно изучить этот процесс.

Еще один инструмент, который иногда может помочь вам обнаружить плохие процессы, — это Microsoft Process Explorer. Запустите программу (не требует установки) и активируйте «Проверить легенды» в разделе «Параметры». Теперь перейдите в View -> Select Columns и добавьте «Verified Signer» в качестве одного из столбцов.

Если статус процесса «Проверенная подписывающая сторона» указан как «Невозможно проверить», вам следует взглянуть на процесс. Не все хорошие процессы Windows имеют метку проверенной подписи, но ни один из плохих.

Самые важные факты о mbam.exe:

• Находится в C: \ Program Files \ Malwarebytes ‘Anti-Malware \ вложенная;
• Издатель: Malwarebytes Corporation
• Полный путь: C: \ Program Files \ Malwarebytes ‘Anti-Malware \ mbam.exe
• Файл справки:
• URL издателя: www.malwarebytes.org
• Известно, что до 4.38 MB по размеру на большинстве окон;

Если у вас возникли какие-либо трудности с этим исполняемым файлом, вы должны определить, заслуживает ли он доверия, перед удалением mbam.exe. Для этого найдите этот процесс в диспетчере задач.

Найдите его местоположение (оно должно быть в C: \ Program Files \ Malwarebytes ‘Anti-Malware \) и сравните его размер с приведенными выше фактами.

Новые возможности сканера Malwarebytes Anti-Malware в версии 3.0:

• • значительно переформатирован пользовательский интерфейс, включая и основную панель управления, которая содержит все сведения относительно основных механизмов программы и качества их работы;
• • оперативная проверка Quick Scan превратилось в рекомендованный тип сканирования Threat Scan;
• • в версии Premium встроен драйвер Malwarebytes Chameleon, который предназначен для поддержания самозащиты, доступ к нему открыт в настройках Advanced Settings;
• • в сканер поиска вирусов встроен Malwarebytes Anti-Rootkit, который можно выставить в настройках Detection and Protection;
• • обновленный, развернутый защитный механизм от сомнительных интернет-сайтов, адаптированный под взаимодействие с Windows Vista Service Pack 2 и далее (обеспечивает максимальную эффективность, встроена функция остановки процессов, к примеру, торрент-клиентов, ручная блокировка IP-адресов и URL-ов по имени домена);
• • нативное х64 сканирование местоположения в системе, поиск и ликвидация вредного ПО.

Производительность / Защита

• Добавлена бессигнатурная защита от эксплойтов и программ-вымогателей (только для Premium).
• Скорость антивирусного сканирования возросла до 4-ех раз, включая быструю проверку.
• Убраны необязательные перезагрузки после удаления некоторых угроз.
• Эвристический движок Advanced Heuristic Engine (Shuriken) теперь включен по умолчанию.
• Самозащита теперь включена по умолчанию (только для Premium)

Удобство использования

• Обновленный пользовательский интерфейс для улучшения стабильности.
• Теперь MBAM настраивается для интеграции в Центр действий Windows / Центр безопасности Windows (только для Premium).
• Проверка обновлений выполняется автоматически, так что теперь нет необходимости настраивать планировщик задач.
• Улучшенная поддержка навигации с помощью клавиатуры и экранных дикторов. 

Возможности лечащей утилиты Malwarebytes:

• • Проверка антивирусом без установки
• • возможность «Быстрого сканирования», обеспечивающая защиту критических зон операционки;
• • сканирование всех носителей для обеспечения всеохватывающей проверки;
• • обновление антивирусных баз для оперативной защиты от вирусов каждый день;
• • интеллектуальный поиск, позволяющий выявить даже самые стойкие опасности без нагрузки на ресурсы системы;
• • возможность создания черного списка для защитных и проверочных модулей;
• • дополнительный перечень программ для ручного удаления вредного ПО (FileAssassin, Malwarebytes Anti-Rootkit, Chameleon, StartupLite);
• • эффективный инструмент Malwarebytes Chameleon, который позволяет активизировать Malwarebytes Anti-Malware, в те моменты, когда его блокируют вирусы;
• • поддержка как старых версий виндовс (таких как win XP), так и новой windows 8.1
• • поддержка большого числа языков — в том числе и русского.
• • встраивание в состав контекстного меню для того, чтобы оперативно проверять файлы.

What is the history of malware?

Given the variety of malware types and the massive number of variants released into the wild daily, a full history of malware would comprise a list too long to include here. That said, a look at malware trends in recent decades is more manageable. Here are the main trends in malware development.

The 1980s and onward: The theoretical underpinning of “self-reproducing automata” (i.e., viruses) dates back to a lecture delivered in 1949 by 20th century Renaissance man John von Neumann. However, the history of modern viruses begins with a program called Elk Cloner, which started infecting Apple II systems in 1982. Disseminated by infected floppy disks, the virus itself was harmless, but it spread to all disks attached to a system, exploding so virulently that it can be considered the first large-scale computer virus outbreak in history. Note that this was prior to any Windows PC malware. Since then, viruses and worms have become widespread.

The 1990s: Microsoft Windows began its long run as the most popular OS in the world (not to be overtaken till Google’s Android many years later). As the Windows OS and its built-in applications grew in popularity, so too did the number of viruses written for the platform. In particular, malware authors started to write infectious code in the macro language of Microsoft Word. These macro viruses infected documents and templates rather than executable applications, although strictly speaking, the Word document macros are a form of executable code.

2002 to 2007: Instant messaging (IM) worms spread across popular IM networks, including AOL AIM, MSN Messenger, and Yahoo Messenger. Most attacks started with a social engineering ploy. Attackers might send out an IM that reads something like “Who’s with you in this picture?” or “OMG, I think you won the lottery!” along with a link to a malicious download. Once your system was infected, the IM worm would further propagate itself by sending malicious download links to everyone on your contact list.

2005 to 2009: Adware attacks proliferated, presenting unwanted advertisements to computer screens, sometimes in the form of a pop-up or in a window that users could not close. These ads often exploited legitimate software as a means to spread, but around 2008, software publishers began suing adware companies for fraud. The result was millions of dollars in fines. This eventually drove adware companies to shut down. Today’s tech support scams owe much to the adware of yesteryear, employing many of the same tricks as the old adware attacks; e.g., full screen ads that can’t be closed or exited.

2007 to 2009: Malware scammers turned to social networks such as Myspace as a channel for delivering rogue advertisements, links to phishing pages, and malicious applications. After Myspace declined in popularity, Facebook and Twitter became the preferred platforms.

2013: A new form of malware called ransomware launched an attack under the name CryptoLocker, which continued from early September 2013 to late May 2014, targeting computers running Windows. CryptoLocker succeeded in forcing victims to pay about $3 million in total, BBC News reported. Moreover, the ransomware’s success gave rise to an unending series of copycats.

2013 to 2017: Delivered through Trojans, exploits, and malvertising, ransomware became the king of malware, culminating in huge outbreaks in 2017 that affected businesses of all kinds.

2017: Cryptocurrency—and how to mine for it—has captured widespread attention, leading to a new malware scam called cryptojacking, or the act of secretly using someone else’s device to surreptitiously mine for cryptocurrency with the victims’ resources.

2018 to 2019: Ransomware made its big comeback. This time, however, cybercriminals shifted their focus from individual consumers to business targets. Riding a wave of GandCrab and Ryuk ransomware infections, attacks on businesses went up 365 percent from 2018 to 2019. As of this writing, there’s no indication the ransomware attacks will slow down.

How do I get ransomware?

Malspam uses social engineering in order to trick people into opening attachments or clicking on links by appearing as legitimate—whether that’s by seeming to be from a trusted institution or a friend. Cybercriminals use social engineering in other types of ransomware attacks, such as posing as the FBI in order to scare users into paying them a sum of money to unlock their files.

Another popular infection method, which reached its peak in 2016, is malvertising. Malvertising, or malicious advertising, is the use of online advertising to distribute malware with little to no user interaction required. While browsing the web, even legitimate sites, users can be directed to criminal servers without ever clicking on an ad. These servers catalog details about victim computers and their locations, and then select the malware best suited to deliver. Often, that malware is ransomware.

Malvertising often uses an infected iframe, or invisible webpage element, to do its work. The iframe redirects to an exploit landing page, and malicious code attacks the system from the landing page via exploit kit. All this happens without the user’s knowledge, which is why it’s often referred to as a drive-by-download.

An ounce of prevention vs. a pound of cure

From desktops and laptops to tablets and smartphones, all our devices are vulnerable to malware. Given a choice, who wouldn’t want to prevent an infection instead of dealing with the aftermath?

The best antivirus software alone is not up to the task, as evidenced by the regular stream of newspaper headlines reporting yet another successful cyberattack.

So, what should you do to stay safe? What kind of cybersecurity software — antivirus software or anti-malware software — should one choose to address a threat landscape that consists of legacy viruses and emerging malware? What is the best antivirus program for you?

The fact is, traditional antiviruses alone are inadequate against emerging zero-day threats, allow ransomware to successfully hijack computers, and don’t completely remove malware. What’s needed is an advanced cybersecurity program that is flexible and smart enough to anticipate today’s increasingly sophisticated threats.

Malwarebytes for Windows fulfils this need for advanced antivirus security (along with Malwarebytes for Mac, Malwarebytes for Android, and Malwarebytes business solutions). Malwarebytes offers one of the best antivirus programs to protect computers against malware, hacks, viruses, ransomware, and other ever-evolving threats to help support a safe online antivirus experience. Our AI-enhanced, heuristics-based technology blocks threats that a traditional computer antivirus isn’t smart enough to stop.

For an additional layer of antivirus protection, consider Malwarebytes Browser Guard. It’s the browser extension that stops annoying ads and trackers. Plus, it’s the world’s first browser extension that blocks tech support scams.

Industry watchers have cited Malwarebytes for Windows for its role in a layered antivirus protection approach, providing one of the best antivirus programs without degrading system performance. It removes all traces of malware, blocks the latest threats, and is a fast virus scanner.

Regardless of the cybersecurity software you choose your first line of defense is education. Stay up to date on the latest online threats and antivirus protection by making the Malwarebytes Labs blog a regular read.

What is malware? Malware definition

Malware, or “malicious software,” is an umbrella term that describes any malicious program or code that is harmful to systems.

Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations. Like the human flu, it interferes with normal functioning.

The motives behind malware vary. Malware can be about making money off you, sabotaging your ability to get work done, making a political statement, or just bragging rights. Although malware cannot damage the physical hardware of systems or network equipment (with one known exception—see the Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission.

How do I get spyware?

Spyware can infect your system in the same ways as any other form of malware. Here are a few of spyware’s main techniques to infect your PC or mobile device.

• Security vulnerabilities, e.g. backdoors and exploits. An exploit is a security vulnerability in your device’s hardware or software that can be abused or exploited to gain unauthorized access. Software vulnerabilities are also known as “software bugs” or just “bugs” for short. Exploits are an unintentional byproduct of hardware and software manufacturing. Mistakes happen and bugs manage to find their way in to even the most polished consumer technology. Backdoors, on the other hand, are put in place on purpose as a way to quickly gain access to your system after the fact. Sometimes the hardware and software makers themselves put the backdoors in. More often than not, however, cybercriminals will use an exploit to gain initial access to your system then install a permanent backdoor for future access.
• Phishing and spoofing. These two threats are often used in tandem. Phishing happens whenever criminals try to get you to perform some sort of action such as clicking a link to a malware-laden website, opening an infected email attachment (aka malspam), or giving up your login credentials. Spoofing refers to the act of disguising phishing emails and websites so that they appear to be from and by individuals and organizations you trust.
• Misleading marketing. Spyware authors love to present their spyware programs as useful tools to download. It might be an Internet accelerator, new download manager, hard disk drive cleaner, or an alternative web search service. Beware this kind of “bait,” because installing it can result in inadvertent spyware infection. And even if you eventually uninstall the “useful” tool that initially introduced the infection, the spyware remains behind and continues to function.
• Software bundles. Who doesn’t love free software (freeware)? Except when it’s a host program that conceals a malicious add-on, extension, or plugin. Bundleware may look like necessary components, but they are nonetheless spyware, which, again, remains even if you uninstall the host application. Making matters worse, you may find that you actually agreed to install the spyware when you accepted the terms of service for the original application.
• Trojans. Broadly speaking, if malware pretends to be something it’s not—that means it’s a Trojan. That said, most Trojans today are not threats in and of themselves. Rather, cybercriminals use Trojans to deliver other forms of malware, like cryptojackers, ransomware, and viruses.
• Mobile device spyware. Mobile spyware has been around since mobile devices became mainstream. Mobile spyware is especially devious since mobile devices are small and users generally can’t see what programs are running in the background as easily as they might on their laptop or desktop. Both Mac and Android devices are vulnerable to spyware. These apps include legitimate apps recompiled with harmful code, straight up malicious apps posing as legitimate ones (often with names resembling popular apps), and apps with fake download links.

“Mobile spyware has been around since mobile devices became mainstream.”

Who do spyware authors target?

Unlike some other types of malware, spyware authors do not really target specific groups or people. Instead, most spyware attacks cast a wide net to collect as many potential victims as possible. And that makes everyone a spyware target, as even the slightest bit of information might find a buyer.

“Spyware attacks cast a wide net to collect as many potential victims as possible.”

Information obtained through stolen documents, pictures, video, or other digital items can even be used for extortion purposes.

So, at the end of the day, no one is immune from spyware attacks, and attackers usually care little about whom they are infecting, as opposed to what they are after.

Ransomware news

There have been a number of major ransomware attacks in 2021. Read the latest news on ransomware and ransomware attacks from Malwarebytes Labs:

August 2021

• How to stay secure from ransomware attacks this Labor Day weekend
• Analysts “strongly believe” the Russian state colludes with ransomware gangs
• Ransomware turncoat leaks Conti data, lifts the lid on the ransomware business

July 2021

• BlackMatter, a new ransomware group, claims link to DarkSide, REvil
• CNA legal filings lift the curtain on a Phoenix CryptoLocker ransomware attack
• StopRansomware.gov brings together information on stopping and surviving ransomware attacks
• Ransomware’s Russia problem
• SonicWall warns users of “imminent ransomware campaign”
• UPDATED: Thousands attacked as REvil ransomware hijacks Kaseya VSA
• UPDATED: Threat Spotlight: Sodinokibi/REvil ransomware

June 2021

• Babuk ransomware builder leaked following muddled “retirement”
• Steamship Authority answers question: Who’s the next ransomware victim?
• JBS says it is recovering quickly from a ransomware attack

April 2021

• Ransomware disrupts food supply chain, Exchange exploitation suspected
• How ransomware gangs are connected, sharing resources and tactics

March 2021

• PYSA, the ransomware attacking schools
• Ransomware is targeting vulnerable Microsoft Exchange servers
• REvil ransomware’s calling, and it’s not good news
• Ryuk ransomware develops worm-like capability

How to protect against malware

In no particular order, here’s our tips on protecting against malware.

1. Pay attention to the domain and be wary if the site isn’t a top-level domain, i.e., com, mil, net, org, edu, or biz, to name a few.

2. Use strong passwords with multi-factor authentication. A password manager can be a big help here.

3. Avoid clicking on pop-up ads while browsing the Internet.

6. Don’t download software from untrustworthy websites or peer-to-peer file transfer networks.

7. Stick to official apps from Google Play and Apple’s App Store on Android, OSX, and iOS (and don’t jailbreak your phone). PC users should check the ratings and reviews before installing any software.

8. Make sure your operating system, browsers, and plugins are patched and up to date.

9. Delete any programs you don’t use anymore.

10. Back up your data regularly. If your files become damaged, encrypted, or otherwise inaccessible, you’ll be covered.

11. Download and install a cybersecurity program that actively scans and blocks threats from getting on your device. Malwarebytes, for example, offers proactive cybersecurity programs for Windows, Mac, Android, and Chromebook. Plus, our latest offering, Malwarebytes Browser Guard. It’s free and it’s the only browser extension that can stop tech support scams along with any other unsafe and unwanted content that comes at you through your browser.