Tag #ransomware
  • 23 February 2023 Jarosław Jedynak , Michał Praszmo #ransomware #malware #analysis

    A tale of Phobos - how we almost cracked a ransomware using CUDA

    For the past two years we've been tinkering with a proof-of-concept decryptor for the Phobos ransomware family. It works, but is impractical to use for reasons we'll explain here. Consequently, we've been unable to use it to help a real-world victim so far. We've decided to publish our findings and tools, in the hope that someone will find them useful or interesting, or will continue our research. We will describe the vulnerability, and how we improved our decryptor's computational complexity and performance to reach an almost practical implementation.

    Read more
  • 18 December 2019 CERT Polska #malware #ransomware #tools

    Free decryption tool for Mapo ransomware

    We are happy to announce that we are releasing a free decryption tool for the Mapo (a GarrantyDecrypt/Outsider variant) ransomware today. We would also like to thank Maciej Kotowicz of Kaspersky’s GReAT for sharing his insights on the ransomware’s encryption process. Our tool works with encrypted files …

    Read more
  • 30 May 2017 Jarosław Jedynak #analysis #malware #ransomware #tools

    Mole ransomware: analysis and decryptor

    Mole ransomware is an almost month-old ransomware (so it’s quite old from our point of view) that was distributed mainly through fake online Word docs. It’s a member of the growing CryptoMix family, but the encryption algorithm was completely changed (…again). We became interested in this variant after victims contacted …

    Read more
  • 11 April 2017 piotrb #ransomware

    We are joining the No More Ransom Project

    From the beginning of April we are officially an Associate Partner of the No More Ransom Project. Its main goal is to fight ransomware by helping victims with free decryption of their files. It is coordinated, among others, by Europol, and it connects law enforcement agencies and private sector companies …

    Read more
  • 14 February 2017 Jarosław Jedynak #analiza #malware #ransomware #sage2.0

    Sage 2.0 analysis

    Introduction Sage is a new ransomware family, a variant of CryLocker. Currently it’s distributed by the same actors that usually distribute Cerber, Locky and Spora. In this case malspam is the infection vector. Emails from the campaign contain only a malicious zip file, without any text. Inside the zip attachment …

    Read more
  • 18 January 2017 Jarosław Jedynak #analysis #evil #malware #ransomware

    Evil: A poor man’s ransomware in JavaScript

    Introduction Initially Evil was brought to our attention by an incident reported on 2017-01-08. By that time the Internet was completely silent on that threat and we had nothing to analyze. We found the first working sample a day later, on 2017-01-09. In this article we will briefly summarize our analysis and …

    Read more
  • 04 January 2017 Jarosław Jedynak #analysis #cryptfile2 #cryptomix #malware #ransomware

    Technical analysis of CryptoMix/CryptFile2 ransomware

    Campaign CryptoMix is another ransomware family that is trying to earn money by encrypting victims’ files and coercing them into paying the ransom. Until recently it was better known as CryptFile2, but for reasons unknown to us it was rebranded and is now called CryptoMix. It was observed in …

    Read more
  • 14 October 2015 Łukasz Siewierski #actors #android #e-banking #malware #postal group #ransomware #trojan

    The Postal Group

    During the SECURE conference we presented our findings about a criminal group, which we called the “Postal Group” (“Grupa pocztowa”) based on their modus operandi. Detailed research regarding the group has been gathered in the form of a report (PDF) available under the link below. During the SECURE conference, we presented a talk …

    Read more
  • 03 July 2015 Łukasz Siewierski #Banatrix #e-banking #malware #ransomware #Slave #To nie Thomas #trojan

    Slave, Banatrix and ransomware

    In March 2015, S21sec published their analysis of a new e-banking trojan horse targeting Polish users. They named it “Slave”, because such a string was part of a path to one of the shared libraries. We think (in part thanks to the kernelmode.info thread) that Slave was made by …

    Read more
  • 22 May 2015 CERT Polska #malware #ransomware

    Malware attack on both Windows and Android

    On the 7th of May, 2015 we observed a new malicious e-mail campaign, which used the logo and the name of the Polish Post Office (“Poczta Polska”). The e-mails supposedly informed about an undelivered package; however, they also included a link which, after several redirects, led to the download of a …

    Read more
1 2 »

The CERT Polska team operates within the structures of NASK (Research and Academic Computer Network) — a research institute which conducts scientific studies, operates the national .pl domain registry and provides advanced IT services.

Contact

ul. Kolska 12, PL-01-045 Warsaw, Poland
tel.: +48 22 380 82 74
fax: +48 22 380 83 99
ePUAP: /NASK-Instytut/SkrytkaESP

E-mail: [email protected]
Incidents: [email protected]

Co-financed by the Connecting Europe Facility of The European Union
© 2023 NASK