Cyren Security Blog

Subscribe to this Blog

Self Defense: How to Detect A Botnet on Your Network

by John Callon

Botnets Malware Threat Analysis Web Security

Cyren blocks outbound bot communications and helps identify where the bots are in order to remove them. Learn how to recognize the warning signs.

Build, buy, or lease? The 15-minute botnet

by Avi Turiel

Botnets Malware Threat Analysis Web Security

Becoming an Internet criminal is getting easier and easier. With only a few hundred dollars in hand and an Internet connection, anyone can obtain the software and support to build a botnet. And after the initial outlay of cash, a criminal botmaster can quickly realize a significant return on investment through malware distribution, spam, phishing, and even DDoS attacks.

Breaking Down Today’s Petya Ransomware Attack

by Magni Reynir Sigurðsson

Malware Ransomware Threat Analysis

The Petya ransomware attack today uses the EternalBlue exploit, which is the same exploit that was used in the WannaCry attack to spread and infect the victim’s computer with a nasty ransomware.

Malware is Moving Heavily to HTTPS

by Arna Magnúsardóttir

Malware Threat Analysis

Cyren found that HTTPS is being utilized in 37% of all malware. SSL inspection is key to protecting your users and network from threats that use HTTPS.

Locky 2? Jaff Ransomware Launched from Necurs Botnet

by Arna Magnúsardóttir

Botnets Malware Threat Analysis

Despite WannaCrypt grabbing all the headlines, it is far from being the only ransomware in circulation. A second wave of Jaff ransomware is now being distributed by the stealthy Necurs botnet. Starting on Monday, May 8 (around 9:30 UTC), the Necurs botnet was harnessed to distribute a new Locky-style email campaign with an initial global outbreak of around 20 million emails. Cyren saw and blocked about 50 million Jaff emails in less than 24 hours during a subsequent wave, and on Thursday approximately 65 million Jaff emails were detected and blocked.

WannaCrypt Ransomware Spreads Like A Worm Via NSA Exploit

by Magni Reynir Sigurðsson

Malware Ransomware Threat Analysis

UPDATE (May 14): WannaCrypt/WannaCry is still being delivered through file sharing services over https at hxxps:// and hxxps://


The WannaCrypt ransomware (aka WannaCryptor, Wcrypt, and WannaCry) has managed to infect thousands of systems within just a few hours of its first appearance yesterday, with estimates on the order of 100,000 PC infections in 100 countries. There are reports of disruption at the likes of British National Health Service medical centers, German Railway ticket computers, FedEx and Telefonica, which apparently ordered employees to disconnect their computers from the corporate network in an attempt to stymie the spread of WannaCrypt. The ransomware encrypts files found on the system and initially demands ransom payment of $300 delivered in Bitcoin to a specific address, with the payment demand amount reportedly escalating over time.