ibm650 Posted December 13, 2013 (edited)

New crypto ransomware hits US, Russia and Europe

Summary: A gang distributing new crypto ransomware to pay-per-install crime gangs has opted to run its network without a command and control centre to avoid the eye of researchers.

By Liam Tung | December 13, 2013 -- 13:14 GMT (05:14 PST)

Researchers have discovered a new crypto ransomware threat which they claim has at least 50 variants all designed to hit up victims for a $150 payment.

The Cryptolocker malware, which hit the headlines recently for encrypting victims' files and demanding $300 to unlock them, now has a cheaper rival, which researchers at security startup IntelCrawler say began large-scale distribution on 5 December.

The newer crypto-locking malware first checks the infected machine has an internet connection by calling up adobe.com, then deletes any original files the victim has on their PC after first making encrypted copies of them and adding a ".perfect" extension to the files. The attackers place a "CONTACT.TXT" file in each directory, which provides their contact information for victims that choose to buy the decryption key.

Unlike the first wave of Cryptolocker malware that first started hitting PCs around September, there's no Bitcoin payment option in the new version. Instead, the criminals are asking for payment using peer-to-peer payment service Perfect Money or using a virtual card number through Russian payments firm QIWI Visa.

Also, the newer ransomware doesn't use command and control (C&C) infrastructure common to many botnets, instead managing infected machines through specially-crafted decryption software.

"Each 'decryptor' has a list of hardcoded IP addresses that helps each sample to operate without any C&C at all, in order to hide the owner and to have no roots at all, besides e-commerce details," Andrey Komarov, CEO of IntelCrawler, told ZDNet.

Komarov said he had discovered 50 different builds of the malware, which are being sold on underground markets for pay-per-install programs. One build had just under 6,000 infected machines, according to Komarov, with the highest concentration of infections in Russia, followed by the US and the Netherlands.

As with other malware distribution networks, crime gangs are using a variety of methods to infect machines. Some are distributing it through spam while others are using landing pages that, for example, host fake music track files. One example was a Tina Turner song, babyBaby.mp3.exe. The good news is that IntelCrawler says there is a high level of detection amongst AV companies.

The company recommends victims not to rename any of the encrypted files and not to change the hostname of their PC. It's working on universal decryption software in order to combat the threat.

According to Komarov, the crime gang behind this threat built their tools on the free open 'TurboPower LockBox' library, which uses AES-CTR to encrypt files.

Source

Edited December 13, 2013 by 7h3Pr3d47oR: Fixed source.
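Added example, not part of the original post or the quoted article: a read-only triage sketch that walks a directory tree for the file-system traces the article describes (".perfect" copies next to a "CONTACT.TXT" note, and lure files named like babyBaby.mp3.exe). The media and executable extension sets and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "contact.txt"   # ransom note name reported in the article (compared case-insensitively)
LOCKED_EXT = ".perfect"     # extension the article says is added to encrypted copies
MEDIA_EXTS = {".mp3", ".mp4", ".avi", ".jpg", ".pdf", ".doc"}  # assumed lure types
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}                   # assumed executable types


def is_double_extension(name):
    """True for names like 'babyBaby.mp3.exe': a media extension followed by an executable one."""
    stem, last = os.path.splitext(name.lower())
    return last in EXEC_EXTS and os.path.splitext(stem)[1] in MEDIA_EXTS


def triage(root):
    """Read-only walk (nothing is renamed or modified). Returns ({dir: locked_count}, [lure paths])."""
    affected, lures = {}, []
    for dirpath, _dirs, files in os.walk(root):
        lower = [f.lower() for f in files]
        locked = sum(1 for f in lower if f.endswith(LOCKED_EXT))
        if locked and NOTE_NAME in lower:   # require both, so a lone contact.txt is not flagged
            affected[dirpath] = locked
        lures.extend(os.path.join(dirpath, f) for f in files if is_double_extension(f))
    return affected, sorted(lures)


def build_sample_tree(root):
    """Constructed sample data: one affected directory, one clean directory, one lure file."""
    layout = {
        "docs": ["report.doc.perfect", "notes.txt.perfect", "CONTACT.TXT"],
        "clean": ["contact.txt", "photo.jpg"],
        "downloads": ["babyBaby.mp3.exe", "setup.exe"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits, lures = triage(tmp)
        for d, n in hits.items():
            print(f"{d}: {n} locked file(s) next to a ransom note")
        for p in lures:
            print(f"double extension: {p}")
```
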

knowledge-Spammer Posted December 13, 2013

how to remove all Ransomware What You Need To Know very easy

kn_andre Posted December 13, 2013

Hmmmmmmmm.... Why Didn't "Big Brother" see this and Prevent it before it happened?? Since they are Expert at Sniffing, Snooping and Spying on Everyone and Everything ???? What's the point of having an "All Seeing Eye" and Obtaining Information about Everything IF you can not Use all that Knowledge and Intel to Prevent Bad Things/Evil Stuff from Happening ???

Thanks @ibm650 for sharing this and Have a Nice Weekend ... Cheers ..