• Tag Archives encrypted
  • Ransomware developers look to educate victims and Help Decrypt files

    Knowledge is good, At least according to the cybercriminals who are developing ransomware that will give a free decryption key if the victim reads two articles about ransomware.

    A new variant of Koolova was discovered by security researcher Michael Gillespie, that demands the victim read two articles: a Google Security Blog, Stay safe while browsing, and a Bleeping Computer article, Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom.

    Lawrence Abrams, said the ransomware itself behaves like Jigsaw in that once it encrypts the files it delivers a scrolling note telling the victim to read stories or else risk having their files deleted. In Jigsaw’s case the demand is for a ransom payment.

  • Mobile banking trojan now has encryption and is targeting over 2000 apps

    Security experts at Kaspersky Lab have discovered a modification of the mobile banking Trojan, Faketoken, which can encrypt user data. Kaspersky Lab has detected several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.

    Disguised as various programs and games, including Adobe Flash Player, the modified Trojan can also steal credentials from more than 2000 Android financial applications.

    To date, the modified Faketoken has claimed over 16,000 victims in 27 countries, with the most located in Russia, Ukraine, Germany and Thailand.

    The newly added data-encryption capability is unusual in that most mobile ransomware focuses on blocking the device rather than the data, which is generally backed-up to the cloud.

    In Faketoken’s case, the data – including documents and media files such as pictures and videos – is encrypted using AES symmetric encryption which can, in some cases, be decrypted by the victim without paying a ransom.

    During the initial infection process, the Trojan demands administrator rights, permission to overlay other apps or to be a default SMS application – often leaving users with little or no choice but to comply. Among other things, these rights enable Faketoken to steal data: both directly, like contacts and files, and indirectly, through phishing pages.

    The Trojan is designed for data theft on an international scale. Once all the necessary rights are in place, it downloads a database from its command and control server containing phrases in 77 languages for different device localisations.

    These are used to create phishing messages to seize passwords from users’ Gmail accounts. The Trojan can also overlay the Google Play Store, presenting a phishing page to steal credit card details.

    In fact, the Trojan can download a long list of applications for attack and even an HTML template page to generate phishing pages for the relevant apps. Kaspersky Lab researchers uncovered a list of 2249 financial applications.

    Intriguingly, the modified Faketoken also tries to replace application shortcuts for social media networks, instant messengers and browsers with its own versions. The reason for this is unclear as the substitute icons lead to the same legitimate applications.

    “The latest modification of the Faketoken mobile banking Trojan is interesting in that some of the new features appear to provide limited additional benefit for the attackers. That doesn’t mean we shouldn’t take them seriously. They may represent the groundwork for future developments, or reveal the ongoing innovation of an ever-evolving and successful malware family. In exposing the threat, we can neutralise it, and help to keep people, their devices and their data safe,” says Roman Unuchek, senior malware analyst at Kaspersky Lab.

  • CTB-Locker ransomware spreading through fake Windows 10 Update emails

    With the highly publicized release of Microsoft’s Windows 10 on July 29th, scammers and malware developers were quick to jump in and use it as a method of distributing malware. Cisco’s Talos Group has discovered a email campaign underway that pretends to be from Microsoft and contains an attachment that will supposedly allow you to upgrade to Windows 10. In reality, though, this email is fake and once you double-click on the attached file, you will instead become infected with the encrypting ransomware CTB-Locker.
    Image of fake Windows Update Email courtesy of Cisco

    As you can see the email pretends to be from the email address update@microsoft.com and contains the subject [b]Windows 10 Free Update. Even the email message looks legitimate with no spelling mistakes or strange grammar. This is because the content is copied directly from Microsoft’s site. The only tell-tale sign is that there will be some characters that do not render properly. Unfortunately, this small sign will not be enough for many people to notice.

    Furthermore, once they download the attachment and extract it, the attached Win10Installer.exe icon will be the familiar Windows 10 logo.

    It isn’t until you inspect the file properties of the attachment, do you see that something is not right as its file description will be iMacros Web Automation and the copyright for the program will belong to Ipswitch. Ipswitch is a legitimate company and not the ones who released this malware.

    Finally, if a user double-clicks on the Win10Installer.exe file, they will not be greeted with the normal Windows 10 upgrade screen. Instead, after a brief delay they will be shown the screen for the CTB-Locker ransomware.

    CTB-Locker Computer Virus removal and data file recovery service. Local and Online service. Fort Lauderdale,Miami, Boca Raton and all South florida
    CTB-Locker Computer Virus removal and data file recovery service. Local and Online service. Fort Lauderdale,Miami, Boca Raton and all South florida

    At this point, the computer’s data will be encrypted and there is not much that can be done about it.


    IF INFECTED Visit Our Main Site OR call 754-234-5598

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere