A modified version of EDA2, an open source ransomware strain developed by Turkish computer engineering student Utku Sen, -by the way, thanks Utku, that was a very smart idea- has been encrypting files and appending the. The cybercriminals using the Surprise ransomware have chosen an unusual infection vector: the popular remote control tool TeamViewer. The first time this was mentioned was in a forum post on Bleeping Computer on March 9th, and as more machines got infected, victims were able to upload the malware executable to the forum for analysis. When the string was pulled, it turned out that all of them were using TeamViewer v4.

“Moreover, the analysis of TeamViewer traffic logs showed that someone had remotely executed the surprise.exe process on computers, which resulted in malware injection behind the scenes,” noted PrivacyPC’s David Balaban. He also reported on a new criminal approach: negotiated ransom.

"The files can only be recovered if the victim pays a ransom in Bitcoins. Interestingly enough, the amount depends on how important the locked data is, and it may range from 0.5 BTC to as much as 25 BTC. These terms are to be negotiated individually. Obviously, if this ransom Trojan hits an enterprise network consisting of multiple machines, the ransom will be much higher than in a single PC assault scenario. The cybercriminals are also “kind” enough to decrypt one file for free, which is sort of a cold comfort to the target. This way, the black hats simply try to prove they are actually able to restore the frozen data."

Another wrinkle is that more than one user ID was used to infect systems, and that in some cases the box had been owned for months.