Yet Another Top Alexa Site Spreading Ransomware

***Update on May 19, 2016*** On Friday May 13, Cyphort Labs noticed that teepr[.]com has again fallen victim to malvertising and is redirecting visitors to Angler. After successful infection, the […]

April 28, 2016 by Dhruval Gandhi

Top Alexa Web Site Spreads Locky Ransomware

On Friday Apr 6 2016, at 07:18:59 PDT, Cyphort Labs discovered that was infected with an exploit kit and was serving Locky ransomware. In this drive-by infection, the malware was encrypting […]

April 18, 2016 by Dhruval Gandhi

Drive-by Ransomware Infection in the Wild

Cyphort Labs discovered a number of sites infected by Angler Exploit kit used to spread ransomware in drive-by infections. Some of these sites are highly ranked on the Alexa list, like, […]

April 12, 2016 by Abhijit Mohanta

New Family of Ransom Locker Found, Uses TOR Hidden Service

On March 9 2016, Cyphort Labs discovered an infection on a porn site keng94(dot)com redirecting visitors to an exploit kit and installing a Ransom Locker. The site is redirecting users to rg(dot)foldersasap(dot)com which is […]

March 21, 2016 by Paul Kimayong

Angler EK leads to fileless Gootkit

On January 27, 2016 Cyphort Labs discovered a site infected with Angler EK leading to a fileless Gootkit (a.k.a. XswKit) malware. The site was redirecting visitors to the malware through a compromised […]

February 5, 2016 by Paul Kimayong

Radamant Ransomware distributed via Rig EK

A new ransomware called Radamant was discovered in early December 2015. On December 31, we found compromised websites redirecting to Rig Exploit Kit and downloading this ransomware. The following […]

January 4, 2016 by Paul Kimayong

Security Look Ahead: What’s in Store for 2016?

The Positive Update: You can now view the video of our December webinar with predictions for 2016. Coming to 2016, we should expect better cybersecurity defense posture across private businesses, […]

December 7, 2015 by Fengmin Gong

Rustelekom malware campaign

Cyphort Labs identified a new campaign of malware injections. This campaign is characterized by redirectors hosted in Rustelekom IP space. Rustelekom is a Moscow-based Russian hosting company.

November 12, 2015 by Nick Bilogorskiy

infected with Angler EK: Installs bedep, vawtrak and POS malware

On October 26, 2015, Cyphort Labs discovered that psychcentral[.]com has been compromised and is currently infecting visitors via drive-by-download malware. We immediately contacted psychcentral about this infection as early as […]

November 2, 2015 by Paul Kimayong
