Jump to content

Recommended Posts

Posted

The new ransomware variant encrypts and scrambles file names, making it harder to know what to recover.

 

f1f376a2332dd4d7a41eea519219c7a7.png

 

The ransomware, which upon install encrypts files making it almost impossible to regain access, now scrambles file names making it even harder for victims to know which files are which. System restore points are also erased, taking away the option of returning to a previously saved state.

 

Adding insult to injury, the malware also mocks the user, congratulating the user for becoming [sic] "part of large community," according to BleepingComputer, which first detailed the changes.

 

The ransomware continues to use bitcoin as the means of payment, which like in previous versions is handled by a centralized Tor-based command-and-control server to store decryption keys, making the attackers almost impossible to trace.

 

Users are tricked into opening a zipped attachment from a spam campaign, which contains a malicious file, triggering an executable payload.

 

Ransomware hits thousands every week, and costs users $18 million in losses, according to estimates from the FBI.

 

While Cryptowall remains by far one of the most common families of the malware, its success has given rise to new families and variants.

 

But not all malware is created equally, nor is coded correctly, which in some cases can cause devastating data loss.

 

New ransomware discovered late last month uses a single same master encryption key to encrypt files, making it easier for victims to share keys and regain access to files without paying the ransom. But analysis showed that badly-written code would destroy a victim's data because, when the files were encrypted, the key wasn't saved.

 

Storing a backup can mitigate the damage done by file-encrypting ransomware.

 

 

Source:

http://www.zdnet.com/article/new-badly-coded-windows-ransomware-destroys-data-by-mistake/#ftag=RSSbaffb68

76c90dd0e79a714317a8daeecc1584d2.png

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...