Diaries by Keyword - SANS Internet Storm Center

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
HERMES RANSOMWARE
2018-08-15	Brad Duncan	More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
HERMES
2018-08-15/a>	Brad Duncan	More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-07-27/a>	Brad Duncan	Malspam with password-protected Word docs pushes Hermes ransomware
RANSOMWARE
2022-11-09/a>	Xavier Mertens	Another Script-Based Ransomware
2022-03-26/a>	Guy Bruneau	Is buying Cyber Insurance a Must Now?
2021-12-04/a>	Guy Bruneau	A Review of Year 2021
2021-07-02/a>	Xavier Mertens	Kaseya VSA Users Hit by Ransomware
2021-05-17/a>	Daniel Wesemann	Ransomware Defenses
2021-04-08/a>	Xavier Mertens	Simple Powershell Ransomware Creating a 7Z Archive of your Files
2021-01-21/a>	Xavier Mertens	Powershell Dropping a REvil Ransomware
2021-01-02/a>	Guy Bruneau	Protecting Home Office and Enterprise in 2021
2020-08-06/a>	Xavier Mertens	A Fork of the FTCode Powershell Ransomware
2020-01-02/a>	Xavier Mertens	Ransomware in Node.js
2019-10-03/a>	Xavier Mertens	"Lost_Files" Ransomware
2019-05-13/a>	Xavier Mertens	From Phishing To Ransomware?
2019-02-20/a>	Brad Duncan	More Russian language malspam pushing Shade (Troldesh) ransomware
2019-01-10/a>	Brad Duncan	Heartbreaking Emails: "Love You" Malspam
2018-11-29/a>	Brad Duncan	Russian language malspam pushing Shade (Troldesh) ransomware
2018-08-15/a>	Brad Duncan	More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware
2018-07-27/a>	Brad Duncan	Malspam with password-protected Word docs pushes Hermes ransomware
2018-06-25/a>	Didier Stevens	Guilty by association
2018-01-25/a>	Xavier Mertens	Ransomware as a Service
2017-10-24/a>	Xavier Mertens	BadRabbit: New ransomware wave hitting RU & UA
2017-09-20/a>	Renato Marinho	Ongoing Ykcol (Locky) campaign
2017-09-01/a>	Brad Duncan	Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
2017-07-14/a>	Brad Duncan	NemucodAES and the malspam that distributes it
2017-06-28/a>	Brad Duncan	Petya? I hardly know ya! - an ISC update on the 2017-06-27 ransomware outbreak
2017-06-28/a>	Brad Duncan	Catching up with Blank Slate: a malspam campaign still going strong
2017-05-24/a>	Brad Duncan	Jaff ransomware gets a makeover
2017-05-12/a>	Xavier Mertens	Massive wave of ransomware ongoing
2017-04-12/a>	Brad Duncan	Malspam on 2017-04-11 pushes yet another ransomware variant
2017-02-09/a>	Brad Duncan	CryptoShield Ransomware from Rig EK
2017-01-06/a>	John Bambenek	Ransomware Operators Cold Calling UK Schools to Get Malware Through
2016-10-10/a>	Didier Stevens	Radare2: rahash2
2016-08-23/a>	Xavier Mertens	Voice Message Notifications Deliver Ransomware
2016-06-26/a>	Rick Wanner	Bart - a new Ransomware
2016-04-11/a>	John Bambenek	Tool Released to Decrypt Petya Ransomware Infected Disks
2016-04-01/a>	John Bambenek	Tips for Stopping Ransomware
2016-03-09/a>	Rob VandenBrink	A Wall Against Cryptowall? Some Tips for Preventing Ransomware
2016-03-07/a>	Xavier Mertens	OSX Ransomware Spread via a Rogue BitTorrent Client Installer
2016-03-06/a>	Jim Clausing	Novel method for slowing down Locky on Samba server using fail2ban
2015-11-07/a>	Didier Stevens	Ransomware & Entropy: Your Turn -> Solution
2015-10-30/a>	Didier Stevens	Ransomware & Entropy: Your Turn
2015-10-18/a>	Didier Stevens	Ransomware & Entropy
2015-04-30/a>	Brad Duncan	Dalexis/CTB-Locker malspam campaign
2014-07-24/a>	Bojan Zdrnja	Windows Previous Versions against ransomware
2014-06-11/a>	Daniel Wesemann	Pay attention to Cryptowall!
2013-10-22/a>	John Bambenek	Cryptolocker Update, Request for Info
2008-06-10/a>	Swa Frantzen	Ransomware keybreaking

HERMES RANSOMWARE

HERMES

RANSOMWARE