360totalsecurity: A new ransomware posing as a Windows Activator contains a hidden configuration function
A new ransomware posing as a Windows Activator appears to be distributed through external network drives. It was spotted by the cyber security experts at 360totalsecurity. The malware contains “a hidden configuration function, which can view and modify the key and prompt information used for encryption, and also obtain key decryption through this interface.”, the company blog reported. The virus uses the open source CryptoPP library and encrypts the first 0x500000 bytes (about 5M) of each file. For oversized files, the part beyond that point is not encrypted. The AES algorithm is called for the encryption. Once encryption is complete, it appends the [.]keypass extension to all the files and asks victims to pay $300 within 72 hours to decrypt them.
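A triage sketch for the behaviour described above, added here as an example and not code from 360totalsecurity: it finds files carrying the .keypass extension and reports how many bytes lie past the 0x500000-byte encrypted prefix, which the article says is left unencrypted. The function names and entropy thresholds are assumptions, as is the premise that the tail bytes stay in place unmodified.

```python
import math
import os
import sys
from collections import Counter

PREFIX_LEN = 0x500000   # encrypted span per the article (about 5M)
EXTENSION = ".keypass"  # extension appended per the article
CHUNK = 1 << 20         # read size, keeps memory use flat on large files

def entropy_of_range(path, start, length):
    """Shannon entropy (bits/byte) of `length` bytes of `path` from `start`."""
    counts, seen = Counter(), 0
    with open(path, "rb") as fh:
        fh.seek(start)
        while seen < length:
            block = fh.read(min(CHUNK, length - seen))
            if not block:
                break
            counts.update(block)
            seen += len(block)
    if seen == 0:
        return 0.0
    return -sum(c / seen * math.log2(c / seen) for c in counts.values())

def triage(path, prefix_len=PREFIX_LEN):
    """Report how much of a renamed file lies past the encrypted prefix."""
    size = os.path.getsize(path)
    tail_len = max(0, size - prefix_len)
    head_h = entropy_of_range(path, 0, min(size, prefix_len))
    tail_h = entropy_of_range(path, prefix_len, tail_len)
    return {
        "path": path, "size": size,
        "tail_bytes": tail_len,
        "head_entropy": round(head_h, 2),
        "tail_entropy": round(tail_h, 2),
        # Assumed heuristic: ciphertext sits near 8 bits/byte, text well below.
        "tail_likely_plaintext": tail_len > 0 and head_h > 7.5 and tail_h < 7.0,
    }

def scan(root, prefix_len=PREFIX_LEN):
    """Walk `root` and triage every file carrying the ransomware's extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(EXTENSION):
                hits.append(triage(os.path.join(dirpath, name), prefix_len))
    return hits

if __name__ == "__main__":
    print(*scan(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

A tail that is already compressed (video, archives) will also score near 8 bits/byte, so a False flag on a large file means "inspect manually", not "fully encrypted".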
Ransomware is a global problem, and Windows Activator has been a popular tool for cybercriminals to spread Trojan viruses
Ransomware is a global problem, and it has emerged as a lucrative revenue model for cybercriminals. Some malware also has worm-like capabilities that enable it to spread across the network. In this context, Windows Activator has been a popular tool for attackers to spread Trojan viruses. In 2017, server intrusion became an important means of spreading ransomware, and about 15% of ransomware attacks target SMEs. Compared to personal computers, an SME's server data is more valuable and unrecoverable, so the likelihood of the ransom being paid is relatively higher. As an example, the GlobeImposter ransomware family is growing rapidly. The main target of this attack is servers running Remote Desktop Service. The attacker brute-forces the server password, initiates a scan, and manually spreads the malware, causing the files to be encrypted.