Page 75 - Cyber Defense eMagazine - December 2017
Nov. 27, 2017. Malware analysts come across a sample that stands out from the rest.
Dubbed StorageCrypter, it targets online-accessible Western Digital My Cloud NAS
(network-attached storage) devices that usually hold a plethora of data. This infection
blemishes encoded files with the .locked extension and drops a
READ_ME_FOR_DECRYPT.txt rescue note. The size of the ransom is 0.4 Bitcoin.
Nov. 23, 2017. A blackmail virus called Scarab is being heavily distributed via a
malspam wave originating from Necurs, one of the world’s most powerful botnets. For
the record, this particular botnet gained notoriety for pushing the Locky
ransomware. The perpetrating program stains encrypted files with the
.[[email protected]].scarab extension.
Nov. 22, 2017. The new qkG ransomware, or qkG Filecoder, exhibits a few quite
interesting characteristics. Its activity inside an infected host resembles that of a
computer worm as it utilizes a self-replication mechanism. Furthermore, it contaminates
Normal.dot (Microsoft Word global template) so that every Word document opened by
the victim gets encrypted.
Nov. 20, 2017. The CrySiS ransomware lineage spawns one more variant as part of its
authors’ dynamic update strategy. The newcomer concatenates the .java extension to
ransomed data entries and drops a combo of ransom notes named info.hta and ‘Files
encrypted!!.txt’. Unlike some of the older versions, there is no free decryption tool
supporting this particular edition.
Nov. 17, 2017. A widespread species of ransomware called CryptoMix undergoes
another update. The latest variant adds the .0000 extension to hostage files and replaces
filenames with strings consisting of 32 hexadecimal characters. This way, a victim is
unable to work out which encoded entry corresponds to a specific file. The ransom
notification file is named _HELP_INSTRUCTION.txt.
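
To check a file listing against the file-name indicators named in the entries above, the following Python sketch is an added example, not code from the magazine or from any vendor tool. The function name `triage`, the verdict labels and the sample listings are constructed for illustration; .locked and .java are treated as ambiguous because benign files use them too, and qkG is omitted because the entry gives no file-name indicator for it.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Indicators from the chronicle entries: (file-name regex, ransom-note names, ambiguous?).
# "ambiguous" marks extensions that also occur on benign files (.java source, lock files).
FAMILIES = {
    "StorageCrypter": (r".+\.locked$", {"READ_ME_FOR_DECRYPT.txt"}, True),
    "Scarab":         (r".+\.scarab$", set(), False),
    "CrySiS":         (r".+\.java$", {"info.hta", "Files encrypted!!.txt"}, True),
    "CryptoMix":      (r"[0-9A-Fa-f]{32}\.0000$", {"_HELP_INSTRUCTION.txt"}, False),
}

def triage(paths):
    """Return {family: {"files": n, "notes": n, "verdict": str}} for a file listing."""
    files, notes = defaultdict(int), defaultdict(int)
    for p in paths:
        name = PurePosixPath(p).name
        for fam, (pattern, note_names, _) in FAMILIES.items():
            if name in note_names:
                notes[fam] += 1
            elif re.fullmatch(pattern, name):
                files[fam] += 1
    report = {}
    for fam, (_, _, ambiguous) in FAMILIES.items():
        if not files[fam] and not notes[fam]:
            continue
        if files[fam] and (notes[fam] or not ambiguous):
            verdict = "likely"
        else:
            verdict = "weak"  # extension or note seen alone; needs a second signal
        report[fam] = {"files": files[fam], "notes": notes[fam], "verdict": verdict}
    return report

# Constructed sample listings (not taken from any real incident).
DEV_BOX = ["/src/app/Main.java", "/src/app/Util.java", "/var/run/db.locked"]
NAS = ["/shares/Public/report.docx.locked", "/shares/Public/READ_ME_FOR_DECRYPT.txt",
       "/shares/Public/0123456789ABCDEF0123456789ABCDEF.0000", "/shares/Public/notes.txt"]

if __name__ == "__main__":
    for label, listing in (("dev box", DEV_BOX), ("NAS", NAS)):
        print(label, triage(listing))
```

A "weak" verdict means the extension or the note appeared without the other, which is what a developer workstation full of Java source files produces.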
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.