The onslaught of malware seems to be unstoppable. Many of these malware campaigns use the ever popular Angler EK (exploit kit) to distribute different types of malware.
Recently, it distributed a ransomware called AlphaCrypt, which seems to imitate TeslaCrypt but operates like the infamous Cryptowall 3.0. Soon after, the malicious payload changed to an unnamed piece of ransomware that seems to be an evolution of this family.
Once the victim’s computer is infected, a message is displayed on the screen claiming that the victim’s network disks, USBs, videos, photos, documents, etc. are encrypted. To see all the encrypted files, the victim has to click the “Show files” button in the on-screen message. The encryption method utilises a unique RSA-2048 public key, and the victim has to pay a ransom to receive the private key needed to decrypt the files.
The criminals behind this malware request a small sum of money, in bitcoins, as ransom, compared to the amounts requested by previous ransomware. Are they being generous? I doubt it.
Another interesting thing is that the same malware uses a different bitcoin address for each host it infects.
However, this variant of the malware does not give its own name in the decryption instructions. Hence, it is regarded as an unknown ransomware.
Recommendations
- Use an active anti-virus program and ensure that it is up-to-date.
- Avoid opening email attachments from unknown sources.
- Install email filtering.
- Make regular backups, and keep one backup set off-site.
- Remove unwanted or unnecessary software.
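The backup recommendation above only helps if the backup set is still intact when you need it: a ransomware run that reaches a mounted backup share encrypts those copies too. The following added example (not code from the original post or from either of the sources it lists) shows one way to make a backup set that can be checked later. It copies a source tree into a timestamped set, writes a SHA-256 manifest beside it, and verifies the set against that manifest, reporting files that were modified, removed or added since the backup was taken. All paths, file names and file contents are constructed for the demo.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, dest_root: Path, label: str = "") -> Path:
    """Copy `source` into dest_root/<label>/data and write dest_root/<label>/manifest.json.

    The manifest maps each file's relative path to its SHA-256 digest at backup time.
    Default label is a timestamp so every run creates a fresh, separate set.
    """
    label = label or time.strftime("%Y%m%dT%H%M%S")
    backup_dir = dest_root / label
    data_dir = backup_dir / "data"
    shutil.copytree(source, data_dir)  # creates intermediate directories as needed
    manifest = {}
    for p in sorted(data_dir.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(data_dir).as_posix()] = sha256_file(p)
    (backup_dir / "manifest.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return backup_dir


def verify_backup(backup_dir: Path) -> dict:
    """Compare the backup set against its manifest.

    Returns lists of relative paths that are unchanged ("ok"), have different
    content ("modified"), are no longer present ("missing"), or were not in the
    manifest at all ("unexpected", e.g. renamed or dropped-in files).
    """
    manifest = json.loads((backup_dir / "manifest.json").read_text())
    data_dir = backup_dir / "data"
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = data_dir / rel
        if not p.is_file():
            report["missing"].append(rel)
        elif sha256_file(p) != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    for p in sorted(data_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(data_dir).as_posix()
            if rel not in manifest:
                report["unexpected"].append(rel)
    return report


def demo():
    """Constructed demo: back up two sample files, verify the clean set, then
    tamper with the backup copy (overwrite one file, rename the other) and
    verify again. Returns (clean_report, damaged_report)."""
    work = Path(tempfile.mkdtemp())
    src = work / "documents"
    (src / "photos").mkdir(parents=True)
    (src / "report.docx").write_bytes(b"quarterly report")          # constructed content
    (src / "photos" / "holiday.jpg").write_bytes(b"\xff\xd8\xffpixels")  # constructed content
    backup = make_backup(src, work / "backups", label="set1")
    clean = verify_backup(backup)
    # Simulate damage to the backup set itself.
    data = backup / "data"
    (data / "report.docx").write_bytes(b"garbage")
    (data / "photos" / "holiday.jpg").rename(data / "photos" / "holiday.jpg.locked")
    damaged = verify_backup(backup)
    shutil.rmtree(work)
    return clean, damaged


if __name__ == "__main__":
    clean_report, damaged_report = demo()
    print("clean:", clean_report)
    print("damaged:", damaged_report)
```

In practice the manifest should be stored with the off-site copy (or signed) rather than only next to the data, so that whatever alters the backup cannot also rewrite the record it is checked against; a verification run that reports anything other than an empty `modified`, `missing` and `unexpected` list is the signal that the set should not be trusted for restoration.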
Sources
Help Net Security.
InfoSec Handlers Diary Blog.
The Week That Was
- Russia and China sign cyber security pact – both countries have vowed not to launch cyber attacks against each other. They will pool resources – information, law enforcement and technology – to better equip them against any incoming attacks.
- Google bans extensions not in the Chrome Web Store – this is to prevent developers of malicious Chrome extensions from delivering them to users. In other words, extensions that are not hosted on the Web Store can’t be installed or used by users of its browser.
- Home routers being used as botnets – if you don’t take wireless security seriously, your home router may be infected with malware and used to launch distributed denial-of-service (DDoS) attacks. Though your own computers may not be infected, your resources can be used to launch such attacks.
- Microsoft, Adobe and Mozilla issue critical patch updates – Microsoft – 13 patch updates that address a total of 48 vulnerabilities; Adobe – to fix a total of 52 vulnerabilities in its Flash Player, Adobe Reader and AIR; Mozilla Firefox – to fix 13 security flaws.