Date:15/02/19
ESET observes rise in activity of Shade ransomware
Russia has been hit by a ransomware campaign using the malware Troldesh (aka Shade), discovered by ESET security researchers. It appears to be a follow-up to last October's attacks, which used the same code. As usual, the attack vector is emails with malicious JavaScript attachments. According to the company's blog, the “telemetry shows the October 2018 campaign running at a consistent pace until the second half of December 2018, taking a break around Christmas, and then resuming in mid-January 2019 doubled in size. This campaign is a part of a larger trend we have observed from the beginning of 2019 – the comeback of malicious JavaScript attachments as a widely used attack vector.” The latest attacks have hit Russia hardest (52% of total detections), but not exclusively: other affected countries include Ukraine, France, Germany, and Japan.

The ransomware spreads through emails that pose as order updates, seemingly coming from legitimate Russian organizations. The ones seen by ESET researchers “impersonate the Russian bank B&N Bank (note: recently merged with Otkritie Bank), and the retail chain Magnit.” The ZIP archive attached to the email contains a JavaScript file named “Информация.js” (“Information” in English). Once extracted and launched, it downloads a malicious loader, detected as Win32/Injector, that decrypts and launches the final payload: the Shade malware. Shade encrypts a wide range of file types on local drives; in this campaign it appends the extension .crypted000007 to the encrypted files. Payment instructions are presented to victims in a TXT file, in Russian and English, which is dropped to all drives on the affected computer. The wording of the ransom note is identical to that of the previously reported October 2018 campaign.
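The two indicators the article gives a defender something to act on are the delivery format (a ZIP attachment carrying a .js file) and the post-infection marker (files renamed with the .crypted000007 extension). The following script is an added example written for this page, not ESET's code or anything from the campaign itself: it inspects a ZIP's member list for script files without extracting anything, and it sweeps a directory tree for the campaign's extension. The sample archive and sample files are constructed placeholders; the set of script extensions beyond .js is an assumption added here for generality.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Extension observed in this campaign (from the article).
RANSOM_EXT = ".crypted000007"

# ".js" is what the article reports; the others are an assumption
# added here so the check covers sibling Windows script types.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf"}


def risky_script_members(zip_bytes):
    """Return names of members inside a ZIP whose extension is a script type.

    Only the central directory is read; nothing is extracted or executed,
    so this is safe to run on a quarantined attachment.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist()
                if Path(n).suffix.lower() in SCRIPT_EXTENSIONS]


def build_sample_zip():
    """Constructed attachment that mimics the reported layout: one .js member.

    The member content is a harmless placeholder, not the real dropper.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Информация.js", "// constructed placeholder\n")
        zf.writestr("readme.txt", "constructed placeholder\n")
    return buf.getvalue()


def find_encrypted_files(root):
    """Return POSIX-style paths (relative to root) of files carrying RANSOM_EXT."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*" + RANSOM_EXT) if p.is_file())


def build_sample_tree(root):
    """Constructed directory tree: one renamed file and one untouched file."""
    root = Path(root)
    (root / "docs").mkdir(parents=True, exist_ok=True)
    (root / "docs" / "report.docx" + RANSOM_EXT if False else
     root / "docs" / ("report.docx" + RANSOM_EXT)).write_bytes(b"placeholder")
    (root / "docs" / "notes.txt").write_text("untouched\n")
    return root


def demo():
    """Run both checks on constructed input and return the findings."""
    attachment_hits = risky_script_members(build_sample_zip())
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted = find_encrypted_files(tmp)
    return {"attachment": attachment_hits, "encrypted": encrypted}


if __name__ == "__main__":
    result = demo()
    print("Script members in attachment:", result["attachment"])
    print("Files with campaign extension:", result["encrypted"])
```

A mail gateway would apply `risky_script_members` to every ZIP attachment before delivery; an endpoint sweep with `find_encrypted_files` confirms or rules out this specific campaign on a host. Both functions return lists rather than printing, so they slot into an existing alerting pipeline.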
©ictnews.az. All rights reserved.