Ransomware has been running rampant in news reports today. Let’s take a look at a few key stories:
New ransomware discovered in the wild
A new ransomware called “CryptoLuck” has been recently exposed by “Kafeine,” a Proofpoint security researcher. This new type of malware is being distributed via the RIG-E exploit kit, which is typically an unconventional way of spreading new ransomware infections. That said, this specific distribution method can indicate that the ransomware may have a greater chance of affecting a larger number of victims. So, in addition to asking for about $1,500 worth of Bitcoin to be paid within 72 hours, it also abuses the valid GoogleUpdate.exe executable and leverages DLL hijacking to corrupt computers. For the full story, visit Security Week.
Keys to decrypting ransomware
Unlike the victims of CryptoLuck, those affected by Crysis, a form of ransomware that encrypts files and usernames, are now able to download a decryptor. Security blog BleepingComputer released master decryption keys for Crysis victims via Kaspersky Lab’s website. Once the program is running, users can follow the directions to decrypt their infected files. Following the release of the decryptor, targets can reclaim control of their data without having to pay the ransom! Though the reason why keys were released is unknown, experts think it may be due to any increased pressure from law enforcement regarding ransomware and the developers behind them. Visit Healthcare IT News for the full story.
Ransomware used to target bad guys
In general, it’s agreed upon that ransomware is a nasty tool used to extort the innocent. But what would happen if ransomware was used for good? “Ransoc,” a newly discovered strain of ransomware, is working to target and impose ransoms on pedophiles. This particular ransomware is spread by malvertising, mainly consumed through traffic between Plugrush and Traffic Shop that interact within one another on adult websites. The ransomware looks to infect Internet Explorer on Windows and Safari on OS X, and if the malware believes it has suspected illegal files on a user’s device, the user then becomes infected. When infected, a screen locker is then displayed on the victim’s social media and may exhibit a customized “Penalty Notice.” Check out the full story on SC Media.
To read more about ransomware in general from Marc Laliberte, WatchGuard Information Security Threat Analyst, check out “Decrypting Ransomware.”