CylancePROTECT vs. DataKeeper RaaS

Cylance vs. DataKeeper

DataKeeper is the latest contender in a rising number of malware attacks driven by ransomware-as-a-service (RaaS). What does this latest iteration of RaaS-inspired malware mean for computing? The Cylance Threat Research team dug into this emerging threat for answers ...

Threat Spotlight: Bad Rabbit Ransomware

A new ransomware known as Bad Rabbit has been observed spreading in the wild throughout Russia, Ukraine and several other countries. Remarkably similar to Not-Petya, Bad Rabbit was initially spread via drive-by downloads, but also contains the ability to propagate via SMB, as well as encrypting files and preventing an ...

Cylance vs. Fileless Malware - Hancitor and the Man1 Group

Threat Spotlight: MAN1 Malware – The Last Crusade?

In our previous blogs, Threat Guidance took an in-depth journey into the world of the MAN1 malware group, and investigated a malicious macro embedded in a Word document sent via email. This time we’re going to take a deeper look at the binary - Hancitor - that we captured. As ...

Threat Spotlight – MAN1 Malware: Temple of Doom

Threat Guidance dives deeper into the Man1 group’s malicious macro. We’ll walk you through the attackers’ tactics and techniques in order to track their campaign and anticipate changes ...

Threat Spotlight: KONNI – A Stealthy Remote Access Trojan

KONNI is a remote access trojan (RAT) with malicious abilities that include keylogging, screen capturing, intelligence gathering and data exfiltration. As an active threat under development, Threat Guidance takes a closer look at this RAT to understand its inner workings and capabilities ...

Threat Spotlight: Cryptocurrency Malware

Cryptocurrencies such as Bitcoin have seen a recent increase in popularity among users and service providers. This burgeoning market is being targeted in new ways by cybercriminals. Threat Guidance investigates notable malware that has been found compromising systems and delivering payloads with cryptocurrency mining capabilities ...

Threat Spotlight: Is Fireball Adware or Malware?

Recently, Fireball malware has garnered a lot of attention by claiming to have spread to 250 million computers. But before this threat was called Fireball, it was known as ELEX adware. In this blog, we will be detailing the Fireball threat and many of the ways it presents in order ...

Petya-Like Ransomware Reloaded

Threat Guidance's initial analysis of the Petya-like ransomware worming its way around the globe using a grab-bag of propagation techniques ...

CylancePROTECT® vs. Petya-Like Ransomware

Cylance Prevents Petya-Like Ransomware

While analysis continues to identify the key aspects of this ransomware, know for now that if you use our endpoint protection product CylancePROTECT®, you were already protected from this attack ...