
Filecoder is Now Spreading Globally


Matsuda


Filecoder, an unpleasant and virulent strain of ransomware detected by ESET in large numbers of machines in Russia in September, is now spreading globally, with experts estimating that the gang behind it must be earning “millions”.

Part of the reason for their success is the surge in the value of cryptocurrency Bitcoin, which broke the $1,000 barrier for the first time this week, according to Forbes’ report. Filecoder encrypts a user’s files, then demands a ransom in Bitcoin.

The malware – also known as Cryptolocker – is spreading fast, and widely. The U.S. government has issued an official warning that it appears to be targeting small businesses, and PC Advisor says it is now widespread in Australia. It’s often spread via email, and the gang customize these for new territories – for instance, in Britain, Companies House has warned businesses to be wary of phishing emails.

ESET malware researcher Robert Lipovsky reported a resurgence of the ransomware in late September, which encrypts users’ files with near-unbreakable AES encryption, with a 72-hour countdown after which files are “locked away” forever.

At the time, Lipovsky says, the malware largely affected users in Russia, with other victims in Spain and Italy. The malware spread via drive-by downloads from infected sites, and via email, Lipovsky says.

Since then, government warnings have come from the U.S. Computer Emergency Response Team and Britain’s National Cyber Crime Unit, which warned that tens of millions of computer users are at risk due to a “mass spamming event.”

The malware, identified by ESET as Win32/Filecoder BT, is transmitted via emails that appear to come from banks and financial institutions, the National Cyber Crime Unit warns.

“The emails may be sent out to tens of millions of UK customers, but appear to be targeting small and medium businesses in particular. This spamming event is assessed as a significant risk,” the NCU warned, as reported by We Live Security here.

CNN Money has warned that the malware is a particular risk to small businesses, who may have a small number of machines – and thus more data on each, and few IT staff.

Security reporter Brian Krebs describes the malware outbreak as a “diabolical twist on an old scam,” pointing out how quickly the malware has adapted as it has spread. To begin with, users could only pay in Bitcoin or Moneypak – both of which are complicated to use – so the unknown attackers created a method to pay without using these.

PC Authority said that on 1 November, a variant of the Trojan allowed users to recover “past deadline” by paying an even bigger sum – 10 bitcoins, or $3,000.

New versions of the malware have also dropped the ransom price in response to Bitcoin’s surging value – and one, according to Krebs, even offers users a second chance: “Newer versions change the desktop background to include a URL where the user can download the infection again and pay the ransom.”

Victims, government agencies and security experts agree on one thing – it’s unwise to pay up. In many cases, your files will remain locked anyway. A We Live Security guide to how to defend yourself against Filecoder and other ransomware is here.





The greatest secret that most websites wouldn't tell you is that when a company (antivirus product) needs to get more profit from their product, they share a percentage with professional hackers (especially from Russia & China) to make a new threat for other big companies and SMFs (small and medium firms) who rely on their data centers, especially in the marketing field. An antivirus company with a name X is finding a new malware or virus which is made to make the two sides get profits, criminals and AV companies.

Why was the ransomware Cyberlocker found so much faster when Stuxnet was dated more than 2 years?

Edited by emerglines