Alexandre Mundo, Senior Malware Analyst is part of Mcafee's Advanced Threat Research team. He reverses the new threads in advanced attacks and make research of them in a daily basis. He is focused in APT and new, and old but very active, ransomware attacks and malware. He performs malware and forensic analysis and teach junior malware analysts and has developed training courses, workshops and presentations of malware analysis.
He worked as freelance and consultor in the past too.

Alexandre Mundo Blog Feed

More from Alexandre Mundo

McAfee Labs

McAfee ATR Threat Report: A Quick Primer on Cuba Ransomware

Executive Summary  Cuba ransomware is an older ransomware, that has recently undergone some development. The actors have incorporated the leaking of victim data to increase its impact and revenue, much like we have seen recently with other major ransomware campaigns.  In our analysis, we observed that the attackers had access to the network before the infection and were ...

McAfee Labs

Babuk Ransomware

Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this ransomware is deployed in the network of enterprises that the criminals carefully target and compromise. Using ...

McAfee Labs

RagnarLocker Ransomware Threatens to Release Confidential Information

EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. The ransomware code is small (only 48kb after the protection in its custom packer is removed) and coded in a high programming ...

McAfee Labs

Nemty Ransomware – Learning by Doing

Executive Summary The McAfee Advanced Threat Research Team (ATR) observed a new ransomware family named ‘Nemty’ on 20 August 2019. We are in an era where ransomware developers face multiple struggles, from the great work done by the security community to protect against their malware, to initiatives such as the ...

McAfee Labs

Ransomware Maze

EXECUTIVE SUMMARY The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura[1]. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. ...

McAfee Labs

Buran Ransomware; the Evolution of VegaLocker

McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REVil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – ...

McAfee Labs

Clop Ransomware

This new ransomware was discovered by Michael Gillespie on 8 February 2019 and it is still improving over time. This blog will explain the technical details and share information about how this new ransomware family is working. There are some variants of the Clop ransomware but in this report, we ...

McAfee Labs

RDP Stands for “Really DO Patch!” – Understanding the Wormable RDP Vulnerability CVE-2019-0708

During Microsoft’s May Patch Tuesday cycle, a security advisory was released for a vulnerability in the Remote Desktop Protocol (RDP). What was unique in this particular patch cycle was that Microsoft produced a fix for Windows XP and several other operating systems, which have not been supported for security updates ...

McAfee Labs

Ryuk, Exploring the Human Connection

In collaboration with Bill Siegel and Alex Holdtman from Coveware.   At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk’s inner workings, the ...

McAfee Labs

Happy New Year 2019! Anatova is here!

During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery ...

Subscribe to McAfee Securing Tomorrow Blogs