Marlboro Ransomware Defeated in One Day
 
Posted by: Timothy Weaver on 01/14/2017 03:43 PM 
 
A new strain of ransomware called Marlboro hit the scene but was decoded by security researchers and defeated in a single day.
Discovered by MalwareHunterTeam and _operations6_, the ransomware spread through a phishing campaign that began last evening, distributing Word files that download and install the ransomware on users' computers.
Unlike traditional ransomware, this variant downloads versions for both 32-bit and 64-bit systems. It encrypts the user's files with XOR, although the ransom note claims that a strong combination of AES and RSA encryption is used. This is not the case.
If the victim pays the ransom, the decryptor will check the crook's server for a ransom payment and then start the decryption process.
The spam email purports to be from a retail store called Maxi, and the company has published a warning not to open such emails.
The decrypter is available here: http://www.majorgeeks.com/files/details/emsisoft_decrypter_for_marlboro.html.
Source: Bleeping Computer







