Minerva Blog

News & Reports

UIWIX – Evasive Ransomware Exploiting ETERNALBLUE

May 18, 2017 | Gal Bitensky

How the UIWIX ransomware uses evasion techniques to bypass existing security defenses to target endpoints.

Reflecting on the Endpoint Security Architecture in the Aftermath of WannaCry

May 16, 2017 | Lenny Zeltser

The outbreak of WannaCry ransomware has caused enterprises to examine their approach to safeguarding endpoints. Lenny Zeltser, our VP Products, reflects on endpoint security architecture in the aftermath of WannaCry.

Using Vaccination to Stop Malware in Real-Life Scenarios

May 15, 2017 | Erez Breiman

Caught in the middle of a malware outbreak without sufficient preventative mechanisms, how can the organization contain the malicious program, to give itself the opportunity to remediate the underlying issues and restore business operations?

Immunize Yourself from WannaCry Ransomware with Minerva’s FREE Vaccinator

May 14, 2017 | Omri Moyal

To assist organizations and individuals who may be concerned that human error may infect their endpoints with WannaCry, we have released a free, downloadable tool that automatically immunizes your endpoints.

3 Legitimate Looking Techniques Used to Avoid Ransomware Detection

May 10, 2017

A common strategy used in ransomware attacks is to cloak malicious actions within legitimate looking programs. This combination allows the ransomware to bypass existing security defenses and avoid detection.

Vaccinating Against Spora Ransomware: A Proof-Of-Concept Tool by Minerva

March 15, 2017

Spora is presently among the most common ransomware families. We released a free tool, which offers a proof-of-concept approach for generating the Spora infection marker, preventing all Spora infections that we’ve seen to date.

New Phishing Campaign Targets South-East Asia

January 10, 2017 | Minerva Research Team

Last week, Minerva prevented a new malware variant that was distributed via phishing emails in south-east Asia. This threat is not an impressive APT, yet – during the first couple of days after its release it wasn't detected by the vast majority of security solutions.

New Carbanak Attack – PREVENTED by Minerva

November 21, 2016 | Minerva Research Team

Protecting an enterprise from advanced cybercriminals is a major challenge. Carbanak-style attacks emphasize the difference between existing products, which detect a compromise in a machine, unfortunately after it is already too late, and the Minerva Anti-Evasion Platform, which prevents the infection before any damage is done.

CryptoLuck – PREVENTED by Minerva

November 18, 2016 | Minerva Research Team

CryptoLuck is a new ransomware variant, hiding within a legitimate Google-signed application. Minerva's innovative solution prevents this attack.

The Ohagi Mystery – SOLVED!

September 27, 2016 | Minerva Research Team

The Ohagi campaign was exposed by Minerva about six months ago. After reaching a dead-end in our investigation we shared the information we collected with the infosec community, asking researchers all around the world to contact us if they can shed light on Ohagi’s purpose. Our patience has finally been rewarded.

New Hancitor: Pimp my Downloader

August 19, 2016 | Minerva Research Team

Hancitor is a downloader-type malware that's been out there for almost two years. Minerva's malware research team has recently detected a new Hancitor variant, spread via a massive phishing campaign.

The Attack on the DNC – How it Could Have Been Prevented

July 28, 2016 | Gal Bitensky

Six weeks ago both Palo Alto Networks and CrowdStrike released reports regarding a highly advanced attack by a group dubbed APT28, Sofacy or COZY BEAR, linked to an unknown Russian intelligence agency. This was the same malware that hit the DNC. Minerva stops this malware variant without any prior knowledge whatsoever!

RansoMania

July 18, 2016 | Gal Bitensky

This ransomware “population explosion” is making life very difficult for security vendors. Because of the way some security vendors designed and engineered their products, they are forced to chase each new ransomware family and its unique characteristics.

Did Someone Order Pizza(crypts)?

July 11, 2016 | Gal Bitensky

Malware authors' imagination works extra hours when it comes to creating new ransomware strains. In the saturated underground market of this specific malware type, they constantly try to improve and "brand" their product in various creative ways.

Minerva's Benefits for the Healthcare Industry

July 7, 2016 | Gal Bitensky

During the last couple of decades, the healthcare industry went through a big transformation – integrating advanced computer solutions in almost all of its services. Unfortunately, cyber-criminals are always looking for new opportunities – and the healthcare sector became a prime target for cyber attacks.

The Time is Now: Security pros must make a choice

June 20, 2016 | Michael Patton

In order to control spending there has to be a paradigm shift from Detection and Response to Prevention which will in turn help lower security spending.

Keys to the Kingdom

June 16, 2016 | Michael Patton

Minerva Anti-Evasion Platform uses the malware’s strength of circumventing other security solutions against itself prior to malicious code being installed at the endpoint. This gives our customers the peace of mind of knowing the malware is stopped prior to any damage being done.

IronGate: "New Stuxnet", PREVENTED by Minerva

June 3, 2016 | Gal Bitensky

IronGate is a multi-stage malware, written in Python and compiled to a Windows executable by PyInstaller. In order to evade detection, it uses virtual machine detection techniques. This enables the malware to sneak through sandbox solutions which fail to hide the fact that they are running over virtualization infrastructure.

Cybercriminals Adopt the Mossad Emblem

May 19, 2016 | Gal Bitensky

Security researcher @benkow recently spotted the appearance of the Mossad’s emblem in a very different and odd context – the command and control infrastructure of a POS malware called TreasureHunter, which contained what he called a "funny Jewish C&C".

Bedep – Preventing Fileless Malware

May 9, 2016 | Gal Bitensky

Fileless malware is a rapidly rising trend that Kaspersky Labs highlighted in their predictions for 2016. Bedep belongs to this class of malware, as it runs within the browser process and leaves practically no traces of its activity, making its detection and analysis a real challenge.

Exploit Kits? PREVENTED by Minerva!

April 11, 2016

An exploit kit (EK) is a software product sold on the underground market, designed to run on top of web servers in order to spread malware to victims browsing to infected websites. EKs first try to detect vulnerabilities in the victim's browser or its plugins, and then try to execute an exploit against the specific detected product configuration.

USB Thief – Threat PREVENTED

April 4, 2016

USB Thief utilizes a unique method to infect its victims – spreading through portable apps and disguising itself as one of the app’s DLLs. The “USB Thief” deploys in four different stages, each designed to prevent the malware from executing in hostile environments.

Mysterious Ohagi

March 28, 2016 | Gal Bitensky

Minerva's Research team has been on the hunt for emerging threats. In recent months we have observed the use of new reconnaissance and cookie stealer malware. This type of activity might suggest an ongoing intelligence gathering operation in preparation for future infiltration. In order to shed more light on this activity we decided to share our findings with the rest of the community.

TeslaCrypt 3.1? New Ransomware Strain Removes ShadowCopies via WMI

March 15, 2016

At the moment, ransomware is the hot button issue for information security professionals worldwide. Malware authors are aware of this, and know that each minute their ransomware remains undetected can translate to thousands of dollars in ill-gotten gains. For ransomware, “flying under the radar” is a unique challenge. Unlike Trojans, which are “silent” by definition, ransomware actually notifies the intended victim of its infection...

Ransomware is Here to Stay, but…

February 23, 2016

Since 2012 ransomware has been an ever-growing threat. It inflicts catastrophic damage to endpoints, making it one of the most familiar types of computer threats and is well-recognized even by non-techies.

Minerva vs. Ransomware - Remediating Ransomware Damage

January 25, 2016

Ransomware is an awfully damaging threat to every enterprise. Therefore, we developed a unique, patent-pending new method for remediating damage done by ransomware such as Cryptolocker, Cryptowall, CTB-Locker, Teslacrypt, Vaultcrypt, etc.

Ransomware - A Threat Prevented!

January 14, 2016 | Gal Bitensky
