The cyber security researcher Michael Gillespie discovered the weird ransomware CommonRansom. The malware demands Bitcoin and RDP access in exchange for decrypting files.
The case of CommonRansom confirms that ransomware can be weird. It was discovered by the cyber security researcher Michael Gillespie after a victim uploaded a ransom note and an encrypted file to his ID Ransomware service. The cyber criminals behind it require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to get the files decrypted. Furthermore, the victim has to pay 0.1 Bitcoin to a specified wallet. All of this must be done within 12 hours. If the victim does not reply to the email “[email protected]” in time, the cybercrime group will delete the encryption password. “Essentially – Gillespie wrote on his Twitter profile – once you pay, you gotta open up RDP for them and they will remote in to decrypt your files”. “Sounds trustworthy,” he added with a laughing emoji.
Is cybercrime changing the ransomware game? Not just money anymore, but other demands too. Probably more difficult to manage and mitigate
Complying with the cybercrime gang's requests could be very dangerous for the victims of CommonRansom. Once the ransomware operators are connected over RDP with admin credentials, the victim loses control of the session and has no idea what they are doing. They may decrypt the files, as promised. But they may also install further malware on the computer, delete files, or steal data. So it is imperative neither to pay nor to send the credentials. This weird operation, however, is a big warning: the cyber criminals may have raised the stakes. Until now, ransomware has been used only to ask for money. From today, the ransom could be of a different kind and more difficult to manage and mitigate.
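Because the danger here is an exposed Remote Desktop service rather than the encryption itself, a defender's first question after such an incident is whether RDP was left enabled and who has logged in remotely. The following PowerShell script is an added example written for this page, not code from the article or from the researcher it cites; it assumes a Windows host with an elevated PowerShell session and reads only standard registry keys, firewall rules and the Security event log. The `$Remediate` switch is a hypothetical name chosen for this example.

```powershell
# Added example (not from the article): audit whether this Windows host accepts
# Remote Desktop connections and list recent RDP logons, so an operator can
# confirm RDP was not left open after an incident like the one described above.
param([switch]$Remediate)   # hypothetical switch: set it to close RDP again

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means Remote Desktop connections are allowed.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication).UserAuthentication

Write-Host ("Remote Desktop enabled : {0}" -f ($deny -eq 0))
Write-Host ("NLA required           : {0}" -f ($nla -eq 1))

# Inbound firewall rules that would let RDP traffic through.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object Name, Enabled, Direction, Action |
    Format-Table -AutoSize

# Recent remote interactive logons: event 4624 with LogonType 10 (RemoteInteractive).
# In the 4624 event data, index 5 = TargetUserName, 8 = LogonType, 18 = IpAddress.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 1000 -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    Select-Object TimeCreated,
                  @{ n = 'User';   e = { $_.Properties[5].Value } },
                  @{ n = 'Source'; e = { $_.Properties[18].Value } } |
    Format-Table -AutoSize

if ($Remediate) {
    # Deny new RDP connections and disable the matching inbound firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Host 'Remote Desktop disabled and its firewall rules turned off.'
}
```

Run it without the switch to get a read-only report; any LogonType 10 entry from an address the organisation does not recognise, on a machine that should not be reachable over RDP at all, is the kind of finding that warrants resetting the admin credentials that were handed over and rebuilding the host rather than trusting the decrypted files.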