The cybercriminals are also “kind” enough to decrypt one file for free, which is sort of a cold comfort to the target. Obviously, if this ransom Trojan hits an enterprise network consisting of multiple machines, the ransom will be much higher than in a single PC assault scenario. These terms are to be negotiated individually.
Interestingly enough, the amount depends on how important the locked data is, and it may range from 0.5 BTC to as much as 25 BTC.
The files can only be recovered if the victim pays a ransom in Bitcoins. The user should indicate the same information in messages to both of the above addresses, probably because the bad guys assume either of these accounts may be suspended as a result of infected people’s complaints. The document with ransom instructions tells the victim to contact the hackers over the following emails: and and provide such details as the country, computer name and username. The first two are ransom notes and encrypted files list, respectively, and the last one is the malicious executable. In addition to that, the ransomware created several new files on the Desktop, namely DECRYPTION_HOWTO.Notepad, Encrypted_Files.Notepad, and surprise.exe. Therefore, a sample item named “presentation.pdf” morphed into “”. An unknown malicious program had encrypted the files and concatenated a “.surprise” extension to every filename. One of the infected users started a thread at Bleeping Computer security forum, stating that his personal data, including images, videos, text documents, PDF and DWG files became inaccessible all of a sudden. The ransomware campaign under consideration surfaced March 9 and originally didn’t seem to differ a lot from numerous copycats. The potential attack surface, obviously, is huge. Since the app boasts user count of 1 billion and growing, cyber perpetrators have come to try their hand at harnessing its functionality in a not-so-benign way, to put it mildly. Surprise, Hackers Use TeamViewer to Spread Ransomware TeamViewer is a popular cross-platform piece of software used for remote computer access, which allows customers to get professional tech support, set up online meetings and interact with partners in real time via an intuitive interface. A series of recent onslaughts, however, stand out from the crowd because the offenders have been taking advantage of TeamViewer sessions as the malware entry point. Security analysts mostly deal with ransomware attacks deployed through exploits, booby-trapped email attachments, or Microsoft Office loopholes occurring when users are tricked into enabling macros.
0 kommentar(er)
