![]() Email and web gateway solutions such as Trend Micro™ Deep Discovery™ Email Inspector and InterScan™ Web Security prevents ransomware from ever reaching end users. Trend Micro offers different solutions to protect enterprises, small businesses, and home users to help minimize the risk of getting affected by ransomware such as cuteRansomware, Alfa, CTB Faker, and Ranscam.Įnterprises can benefit from a multi-layered, step-by-step approach in order to best mitigate the risks brought by these threats. Backing up files using the 3-2-1 rule can mitigate the effects of the file loss from a ransomware infection. Regardless of the type of ransomware family or variant, online best practices such as avoiding opening unverified emails and links embedded in them, and regularly updating software and applications can reduce the risk of getting infected. These four ransomware variants aren’t known to be widely spread, but can be disruptive and even destructive in their own right, especially Ranscam, with its ability to ultimately trick users into paying without giving their files back. ![]() ![]() It's all a lie though-Ranscam already deleted them. It pretends to have moved the user’s files to a “hidden, encrypted partition” instead of leaving the files encrypted in their current location. According to the report, a compromised user would first notice a ransom note displayed by the malware. As its name suggests, it's more of a "ransomware scam" than ransomware. Once the user extracts the contents of the zip files and runs the executable, CTB Faker runs its archiving routine.Ĭonsidered low-tech but highly destructive, Ranscam threatens to delete the victim's files unless the ransom of 0.2 bitcoin is paid, but instead of encrypting the files like regular ransomware, it deletes them anyway-which means the victim loses the files even if the ransom is paid. As soon as the user clicks on the link in the profile, the ransomware downloads the zip file hosted on JottaCloud. CTB Faker, which is actually a WinRAR SFX file, is distributed via fake profile pages on adult sites that contain passwords and links to an alleged password-protected striptease video. 08 bitcoins (around US$50) in exchange for the password. Who says ransomware has to be sophisticated to work? Like the name says, CTB Faker pretends to be CTB Locker ransomware, but instead of encrypting the files on the infected system, CTB Locker moves them into a password-protected ZIP archive and demands a ransom of. Its distribution method is still unknown however, what is certain is that as of late, its encryption cannot be broken by third-party decrypters.ĬTB Faker (detected by Trend Micro as Ransom_ZIPTB.A) Based on findings, once encrypted, Alfa appends a file extension “.bin” to the encrypted file. Said to be developed by the same group behind Cerber ransomware, Alfa ransomware scans all local drives for certain file types upon infection, targeting up to 142 different file types for encryption. cuteRansomware is considered critical as malicious actors are increasingly using the cloud for delivering malware and exfiltrating data via command-and-control and traditional tools lack visibility into SSL-a technique that works to an attacker’s advantage.Īlfa Ransomware (detected by Trend Micro as Ransom_ALFA.A) Based on findings, while the ransomware uses Google Docs, it isn’t limited to Google's cloud platform and can be transferred via other cloud apps. ![]() Here's a quick rundown of the ransomware updates and new families discovered within the week:ĬuteRansomware (detected by Trend Micro as Ransom_CRYPCUTE.A)įound to be based on a source code for a ransomware module called "my-Little-Ransomware" on GitHub, cuteRansomware uses Google Docs to transmit encryption keys and collect user information to avoid detection.
0 Comments
Leave a Reply. |