The PhishLabs Blog

Locky, Three Ways

Locky, one of the first and most resilient ‘mass distribution’ ransomware families, has roared back after a brief break. Throughout August, Locky campaigns have filled our inboxes with fraudulent invoices that need paying, images that need opening, and voicemails that need listening. These recent campaigns are notable not only for their volume, but also for the multiple delivery methods within a single distribution run. On August 17, Locky arrived en masse with three different infection methods that all led to Locky’s Lukitus variant. While infection vectors frequently change from run to run, intra-campaign shuffling is extremely rare.

Topics: Ransomware

Globe Imposter Ransomware Makes a New Run

Posted by Amanda Kline on Aug 10, '17

In the world of cyber security, there are some threats that seem to have been specifically designed to wreck your day.

Ransomware is one of those threats.

Even if you have secure backups, and they’re kept safely away from the rest of your network, the time it takes to restore from them and remove all traces of the offending trojan is sure to get your blood boiling.

So when a new ransomware threat arises, it pays to make sure your house is in order, and your users are on high alert.

Topics: Ransomware

Not NotPetya (An analysis of Karo Ransomware)

While there was a lively running debate over whether it was Petya or NotPetya yesterday, we can all agree that what locked up some of the world’s largest shipping companies, spread through the infamous SMB exploit, and may have been delivered as an infected update, was not Karo. However, this obscure ransomware family was launched into the spotlight due to early confusion over Petya's initial infection vector.

Topics: Ransomware

WannaCry: What We Know… and What We Don’t

Posted by Joseph Opacki on May 17, '17

Unless you've had your head buried firmly in the sand for the past few days, you’ll already have heard of WannaCry, the latest in an ongoing deluge of ransomware strains.

Since the attack started last Friday, over 230,000 computers have been infected across 150 countries, with high profile victims including Telefónica, Britain’s National Health Service (NHS), FedEx, Deutsche Bahn, and LATAM Airlines.

And if you’ve been following the story, you’ll know all sorts of people have been getting involved. With slightly confusing (and sometimes contradictory) reports surfacing in news outlets all over the world, we thought we’d take a few moments to explain what is (and isn’t) currently known about WannaCry, and what you can do to minimize your organization’s risk of infection.

Topics: Ransomware, WannaCry

Global WannaCry Ransomware Outbreak

Posted by Joseph Opacki on May 12, '17

Earlier today, news broke of a new WannaCry version propagating at a rate unseen before for ransomware. The initial infection vector (phishing, malvertising, etc.) is unknown at this time, but once inside the network it spreads rapidly by scanning for and exploiting Windows systems vulnerable to the NSA-crafted SMB exploits that were recently published by ShadowBrokers. In doing so, WannaCry is spreading well beyond the initially infected system and crippling networks.

Topics: Phishing, Ransomware, WannaCrypt

How to Identify and Block Ransomware

Posted by Jenny Dowd on Apr 13, '17

In the last post, we took an in-depth look at how ransomware changed during 2016, and what we expect to see happen in the coming year.

The post, which was based on a recent webinar, was pretty long and in-depth, so if you'd like some context you might like to go back and read it before continuing or feel free to watch the on-demand webinar.

In this post we’re going to run through the most important part of the webinar: what you can do to secure your organization against ransomware.

Topics: Phishing, Ransomware, Phishing Trends and Intelligence Report

The Ransomware Explosion: Lessons Learned in 2016

Posted by Jenny Dowd on Apr 7, '17

In 2016, a year when cybercrime soared to previously undiscovered heights, ransomware was one of the top worries for organizations of all sizes.

And for good reason.

Compared to other malware, ransomware has a very high infection rate, and whether or not organizations opt to pay ransom demands, it can cause significant disruption to business processes. Even worse, many so-called “copycat” ransomware families have turned out to be far more destructive than intended, and as a result many files can't be recovered even if payment is made.

Topics: Ransomware

How and Why the Phishing Threat Landscape Has Changed

Posted by Lindsey Havens on Mar 24, '17

Over the last decade phishing has exploded. Volume has increased every year, with threat actors reliably focusing the majority of their efforts on the same five or six industries.

It was a serious threat, of course, but it had become somewhat… predictable.

But in 2016, some major changes occurred. In just 12 months, the entire phishing landscape shifted.

Topics: Phishing, Phish Kit, Ransomware, PTI Report

Picking on the Little Guy: Ransomware Trends

Posted by Lindsey Havens on Mar 8, '17

In late 2015, malware trends hinted a ransomware epidemic was on its way.

And what happened? Less than three months into 2016, security analysts had branded it the ‘year of ransomware’.

Even popular media outlets were covering ransomware cases on an almost daily basis, and both consumers and businesses the world over would come to understand exactly what the word ransomware really means.

So what happened? After all, ransomware has been around for decades, so why the sudden explosion?

Topics: Ransomware, PTI Report

Exploiting Weakness: Why Healthcare is an Obvious Ransomware Target

Posted by Lindsey Havens on Jan 24, '17


Since the start of 2015, healthcare has been hit with more ransomware than any other industry.

Headlines abound with tales of healthcare organizations declaring states of emergency, turning away patients, and often opting to pay ransoms just to end their nightmare.

Topics: Ransomware, Healthcare


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.
