Why SECURE? Do you value hard work and facing challenges? Do you want to meet people like you, share your job results, look for inspiration or partners to mutual projects? You can find it all in October on our conference. We invite you to contribute to the agenda of the …

We are happy to announce that we are releasing a free decryption tool for the Mapo (a GarrantyDecrypt/Outsider variant) ransomware today. We would also like to thank Maciej Kotowicz of Kaspersky’s GReAT for sharing his insights on the ransomware’s encryption process. Our tool works with encrypted files …

Analysis of current threats is one of the most common challenges facing almost any organization dealing with cybersecurity. From year to year, it also becomes a harder nut to crack, being undoubtedly influenced by the growing scale of activities undertaken by criminals and the degree of their advancement. In the …

CERT Polska has partnered together with Microsoft, ESET and law enforcement agencies including US-CERT/DHS, FBI, Interpol and Europol in activities aimed at disrupting of the Dorkbot malware family. This disruption – which includes sinkholing of the botnet’s infrastructure – took place yesterday. Dorkbot is a well-known family of malware, operating …

Intro Dridex mostly comes to us as spam which contains a .doc with some macros, responsible for downloading a dropper. One can quickly analyze it using oledump.py and looking through vbscript, or naturally, just try to run it in a sandbox and obtain the dropped files. CFG extraction After …

CERT Polska along with 19 other partners from 11 countries have joined forces for CyberROAD – a 7FP project aimed to identify current and future issues in the fight against cyber-crime and cyber-terrorism in order to draw a strategic roadmap for cyber security research. A detailed snapshot of the technological, social …

Today, we published the annual CERT Polska report in its English version. This report presents the most important trends and observations that we think shaped Polish cybersecurity in 2014. This includes new, upcoming threats, their evolution and our responses to them. In 2014 CERT Polska continued its effort to better …

On the 7th of May, 2015 we observed a new malicious e-mail campaign, which used the logo and the name of Polish Post Office (”Poczta Polska”). The e-mail supposedly informed about an undelivered package – however, they also included a link which, after several redirects, lead to the download of a …

Call for Speakers for SECURE 2015 is now open. If you have an interesting topic and would like to share your ideas with a crowd of Polish and international IT security specialists, and/or are looking for a good reason to visit Warsaw, Poland, please consider submitting your proposal. You …

In the previous entry we showed examples of domains, which could be easily missclassified as DGA botnet domains. Most of them are machine generated and used in a non-malicious manner. In this entry, conversely, we will present examples of pseudo random domains, which could be used in attacks or be …