Batu69 Posted March 15, 2016

A fresh wave of infected emails is swirling around the globe, carrying a nasty ransomware payload.

ESET is warning of an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device. ESET telemetry detects this malicious downloader as JS/TrojanDownloader.Nemucod and records its unusually high incidence in Europe, North America (especially Canada), Australia and Japan. Japan is the hardest hit with a 75% prevalence level.

The widespread infected emails contain attached zipped files that contain a JavaScript file that, when opened, downloads and installs Nemucod to the victim PC.

“Emails are written in a very trustworthy way, claiming to be invoices, notices of appearance in court or other official documents,” researchers noted in a blog. “Attackers are just trying to get users to open the malicious attachment.”

The end payload in this case is a crypto-bug, such as TeslaCrypt and Locky: When opened, it encrypts victims' files on their PCs and requires a ransom for decryption. Both TeslaCrypt and Locky use encryption standards similar to those used by financial institutions when securing online payments.

"Ransomware is one of the most active trends in cyber-criminal world, as it has a direct and profitable commercialization model—in some cases, without any significant costs, as most victims have a pretty insecure IT environment," InfoArmor CTO Andrew Komarov told Infosecurity.

He added that there are some new movements in the ransomware area identified at the beginning of 2016. For example, the bad actors started to use a ransomware-as-a-service (RaaS) approach, working with each other, like with affiliates, distributing malware, and receiving 50% of ransom payments.

"Such approach may restructure the current ransomware market and create a large, new number of underground affiliate programs, increasing the number of new infections," he said.

It should be noted that the downloader is also known for downloading a diversity of other malware available in-the-wild too.

Users can protect themselves from the threat by simply not opening attachments sent in emails from unknown senders. People reading this should also warn colleagues who most frequently receive emails from external sources—for instance financial departments or human resources.

Users can also regularly back up their data, so, in case of infection, this will help recover all data without paying the ransom. But an external disc or other storage should not remain connected to a computer, in order to avoid infection by filecoder. And of course, they should regularly install updates of the OS and other software.

Article source
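Added example, not part of the original post or the quoted article: a mail-gateway style check for the delivery pattern described above, a zip attachment carrying a script file. The extension blocklist, the depth and size limits and the function name are assumptions made for this sketch.

```python
import io
import zipfile

# Assumed blocklist: script types Windows Script Host runs on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
MAX_DEPTH = 3                  # nested-archive levels to descend into
MAX_NESTED_BYTES = 10_000_000  # skip oversized inner archives (zip-bomb guard)


def find_script_members(zip_bytes, depth=0, prefix=""):
    """Return paths of script files inside a zip attachment, nested zips included."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a readable zip; nothing to report here
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "a.js." still opens as a.js
            name = info.filename.lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            path = prefix + info.filename
            if ext in SCRIPT_EXTENSIONS:
                hits.append(path)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_BYTES
                  and not info.flag_bits & 0x1):  # bit 0 set = encrypted member
                hits += find_script_members(archive.read(info), depth + 1, path + "!")
    return hits


def build_sample_attachment():
    """Constructed sample: a zip shaped like the described emails, harmless contents."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_0315.JS", "// placeholder text, not malware\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice_2016.pdf.js", "// placeholder text, not malware\n")
        z.writestr("readme.txt", "constructed test data\n")
        z.writestr("more/docs.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for member in find_script_members(build_sample_attachment()):
        print("script file in attachment:", member)
```

A non-empty result is a reason to quarantine the message for review; encrypted or oversized inner archives are skipped here and would need their own policy.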

knowledge-Spammer Posted March 15, 2016

This ransomware bs is getting out of hand. I see more and more things like this nowadays.

Notam Posted March 15, 2016

It's really scary. Ain't the antivirus programs not detecting it?

luisam Posted March 15, 2016

9 hours ago, Notam said: It's really scary. Ain't the antivirus programs not detecting it?

I have the impression that maybe as scary as this ransomware issue is the procedure of anti-virus and anti-malware producers, who are releasing applications to fight these kinds of infections as a NEW LINE or, may I say, a side line production. So to get the proper "anti-malware", users are supposed to subscribe to an additional option of their antimalware application. So, and it's just my opinion, this might be the reason why anti-virus programs won't properly detect ransomware: you must get some additional "expansion" for your anti-virus or some entirely new application.

lennybubs Posted March 15, 2016

Malwarebytes Anti-Ransomware (beta) sits in the background and doesn't take up a bunch .... Also from same... Anti-Exploit. Both work great... you will have to "start protection" with both to activate. And 1 more... Malwarebytes for Android works great... finally.

This topic is now archived and is closed to further replies.