Ransomware is slowing down, but not going away

It has been a busy month for crooks and security researchers alike. New variants of Dharma, Kraken, Scarab, Rektware and IT.Books, along with Matrix ransomware and the MongoDB locker, were all active this month.

A new variant of the Dharma ransomware appends the .brrr or .cmb extension to encrypted files and drops a ransom note named Info.hta stating that all your files are encrypted. A new variant of the Scarab-DiskDoctor ransomware uses the .mammon extension for encrypted files.

A new HiddenTear variant called IT.Books Ransomware mimics Jigsaw. It drops a ransom note named READ__IT.txt and appends the .f*cked extension. IT.Books is a high-risk ransomware designed to infiltrate the system and encrypt most of the stored data, making it unusable. The dropped text file and the desktop wallpaper carry similar messages stating that the data is encrypted and that the victim must pay a ransom to restore it. Meanwhile, a pop-up window claims that files are being deleted periodically and that the victim must pay the ransom to stop the deletion.

An attack called Mongo Lock targets remotely accessible and unprotected MongoDB databases, encrypts them, and then demands a ransom for the contents. MongoDB has published mitigation steps that developers should review.
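The two conditions Mongo Lock depends on are a mongod that listens on every interface and one that runs without access control. The following is an added example, not code from the original post or from MongoDB: a small audit that reads a mongod.conf, checks the real `net.bindIp`, `net.bindIpAll` and `security.authorization` settings, and flags the exposed-and-unauthenticated combination. The two config texts are constructed samples, and the parser is a deliberately minimal one that only understands the two-level `section:` / `  key: value` subset used in those samples.

```python
# Added example: audit a mongod.conf for the Mongo Lock precondition
# (reachable from the network AND no authorization). Not MongoDB's own tooling.

# Constructed sample: the weak configuration that an unprotected instance typically has.
WEAK_CONF = """
net:
  port: 27017
  bindIp: 0.0.0.0        # listens on every interface
security:
  authorization: disabled
"""

# Constructed sample: the corrected configuration (localhost only, auth on).
HARDENED_CONF = """
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""


def parse_mongod_conf(text):
    """Minimal parser for the 'section:' / '  key: value' subset of mongod.conf.

    Assumption: this is an illustration, not a YAML library. It drops '#'
    comments and blank lines and only understands one level of nesting.
    """
    conf = {}
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line.startswith(" "):
            # top-level key such as 'net:' or 'security:'
            section = line.rstrip(":").strip()
            conf.setdefault(section, {})
        else:
            key, _, value = line.strip().partition(":")
            conf[section][key.strip()] = value.strip()
    return conf


def audit_mongod_conf(text):
    """Return a list of findings; an empty list means no issue was detected."""
    conf = parse_mongod_conf(text)
    net = conf.get("net", {})
    security = conf.get("security", {})

    # mongod 3.6+ binds to localhost when bindIp is absent; older releases bound
    # all interfaces, so on an old server an absent key deserves a manual look.
    bind_ip = net.get("bindIp", "127.0.0.1")
    bind_all = net.get("bindIpAll", "false").lower() == "true"
    exposed = bind_all or any(
        ip.strip() in ("0.0.0.0", "::") for ip in bind_ip.split(",")
    )

    # Access control is off unless security.authorization is explicitly enabled.
    auth_enabled = security.get("authorization", "disabled").lower() == "enabled"

    findings = []
    if exposed:
        findings.append("net.bindIp/bindIpAll: mongod listens on all interfaces")
    if not auth_enabled:
        findings.append("security.authorization: access control is not enabled")
    if exposed and not auth_enabled:
        findings.append(
            "CRITICAL: database is remotely reachable without authentication "
            "(the precondition Mongo Lock relies on)"
        )
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"[{label}]")
        for finding in audit_mongod_conf(conf) or ["no findings"]:
            print("  -", finding)
```

Run it against a real mongod.conf by reading the file into `audit_mongod_conf`; the fix for a CRITICAL finding is the one in MongoDB's own guidance, binding to 127.0.0.1 (or a private interface behind a firewall) and enabling authorization with real user accounts before exposing the port.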

A new version, Kraken Cryptor 1.5, was recently released that masquerades as the legitimate SuperAntiSpyware anti-malware program to trick users into installing it. A new ransomware called Rektware, which appends the .CQScSFy extension, has also appeared.
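The file extensions and ransom-note names listed for Dharma, Scarab-DiskDoctor, IT.Books and Rektware above are the kind of indicator a responder sweeps a file share or backup snapshot for. The following is an added example, not code from the original post or from any of the vendors mentioned: a walk over a directory tree that reports files carrying those extensions and the named ransom notes, grouped by family. The sample tree it builds under a temporary directory is constructed for the example, and the mapping from indicator to family is taken from the write-up above.

```python
# Added example: sweep a directory tree for the ransomware indicators named in
# the post above. The indicator list is the page's; the code is illustrative.
import os
import tempfile
from pathlib import Path

# Extension -> family, as described in the write-up (lower-cased for matching).
RANSOM_EXTENSIONS = {
    ".brrr": "Dharma",
    ".cmb": "Dharma",
    ".mammon": "Scarab-DiskDoctor",
    ".f*cked": "IT.Books",   # spelled as the post writes it
    ".cqscsfy": "Rektware",
}

# Ransom-note file name -> family.
RANSOM_NOTES = {
    "info.hta": "Dharma",
    "read__it.txt": "IT.Books",
}


def classify(path):
    """Return ('note', family), ('encrypted', family) or None for one path."""
    name = path.name.lower()
    if name in RANSOM_NOTES:
        return ("note", RANSOM_NOTES[name])
    # Path.suffix is the text after the last dot, which is where these
    # families append their marker (e.g. report.docx.brrr -> .brrr).
    ext = path.suffix.lower()
    if ext in RANSOM_EXTENSIONS:
        return ("encrypted", RANSOM_EXTENSIONS[ext])
    return None


def scan_for_ransomware_indicators(root):
    """Walk root and collect ransom notes, renamed files and the families seen."""
    root = Path(root)
    findings = {"ransom_notes": [], "encrypted_files": [], "families": set()}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            hit = classify(path)
            if hit is None:
                continue
            kind, family = hit
            findings["families"].add(family)
            bucket = "ransom_notes" if kind == "note" else "encrypted_files"
            findings[bucket].append(str(path.relative_to(root)))
    findings["ransom_notes"].sort()
    findings["encrypted_files"].sort()
    return findings


def build_sample_tree():
    """Constructed sample: a small user profile after a multi-family incident.

    Returns the path of a fresh temporary directory; the caller may delete it.
    """
    root = Path(tempfile.mkdtemp(prefix="ransom-scan-"))
    sample_files = [
        "Documents/Info.hta",                  # Dharma note
        "Documents/report.docx.brrr",          # Dharma-encrypted file
        "Documents/budget.xlsx",               # untouched
        "Documents/README.txt",                # untouched (not READ__IT.txt)
        "Pictures/holiday.jpg.mammon",         # Scarab-DiskDoctor
        "Downloads/READ__IT.txt",              # IT.Books note
        "Downloads/invoice.pdf.CQScSFy",       # Rektware
    ]
    for rel in sample_files:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("sample content\n")
    return str(root)


if __name__ == "__main__":
    result = scan_for_ransomware_indicators(build_sample_tree())
    print("families seen:", ", ".join(sorted(result["families"])))
    print("ransom notes:", result["ransom_notes"])
    print("encrypted files:", result["encrypted_files"])
```

Point `scan_for_ransomware_indicators` at a mounted share or a restored backup to confirm whether a snapshot predates the encryption; a single ransom note with no renamed files usually means the note was copied in from elsewhere rather than the share itself being hit, which is worth knowing before restoring.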

Users of any computing device must pay close attention when browsing the Internet and downloading, installing or updating software. Always analyze email attachments carefully; if a file looks irrelevant or comes from a suspicious or unrecognized address, do not open it. Download programs only from official sources, using direct download links: third-party downloaders and installers are likely to bundle rogue or malicious apps, so using them is not recommended. Keep installed applications updated, and do so only through the built-in update features or tools provided by the official developer. Having a reputable anti-virus/anti-spyware suite installed and running is also paramount. Our recommendation is Max Total Security, and we cannot emphasize enough: backup, backup and backup, using the free Backup / Restore tool provided with the Max Total Security Tools.
