Richard Clayton

40 POSTS 0 COMMENTS

BROKERS IN THE SHADOWS – Part 2: Analyzing Petya’s DoublePulsarV2.0 Backdoor

Background In the wake of WannaCry, a new cyber threat has emerged from the NSA leak. Making use of previously exposed tools, Petya once again...

Preventing Petya – stopping the next ransomware attack

Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared...

Threat Brief: Petya Ransomware, A Global Attack

A worldwide attack erupted on June 27 with a high concentration of hits in Ukraine - including the Ukrainian central bank, government offices and private...

CrashOverride

On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect...

Anatomy of the Jaff Ransomware Campaign

Last month, Check Point researchers were able to spot the distribution of Jaff Ransomware by the Necurs Botnet. The ransomware was spread using malicious...

BROKERS IN THE SHADOWS: Analyzing vulnerabilities and attacks spawned by the...

Background Rarely does the release of an exploit have such a large impact across the world. With the recent leak of the NSA exploit methods,...

April’s Most Wanted Malware: Exploit Kit Attacks Continue, While Slammer Worm...

Check Point’s latest Global Threat Impact Index detected a continued increase in the number of organizations being targeted with Exploit Kits, as Rig EK...

Check Point Reveals Global WannaCry Ransomware Infection Map at CPX Europe...

Check Point researchers have been investigating the ransomware campaign in detail since it was first reported. With a new Check Point WannaCry Ransomware Infection...

WannaCry – New Kill-Switch, New Sinkhole

Check Point Threat Intelligence and Research team has just registered a brand new kill-switch domain used by a fresh sample of the WannaCry Ransomware. In...

WannaCry – Paid Time Off?

Let us open with a TL;DR – DO NOT pay the ransom demanded by the WannaCry ransomware! Now, let us explain why: As of this writing...