Merry Christmas Ransomware Continues to Strike
Posted by: Timothy Weaver on 01/09/2017 05:06 PM
Even though the holidays are over, the "Merry Christmas" ransomware is striking again.
This time, the cyber-criminals have added a new component to the threat. This new variant includes the DiamondFox malware, which is capable of collecting data from infected hosts, such as passwords, sensitive files, and others.
Whereas the first wave of ransomware posed as FTC consumer complaints, this second wave is using court attendance notices. However, just like the first wave, the malware is being distributed by macro scripts which, if allowed to execute, download and install the latest version of the Merry Christmas ransomware.
In addition to the ransomware, this newer version is dropping DiamondFox, which is currently sold on various Dark Web malware marketplaces, such as AlphaBay and Hansa. This malware is capable of many nasty actions, including transforming infected PCs into DDoS bots, and it has components for stealing credit card data from PoS systems, components for ransacking browser passwords, components for opening RDP (remote desktop) connections, and much more.
Although many researchers expected the Christmas-themed malware to be a one-and-done threat, it now appears that it will continue to try to infect unsuspecting victims.
The Merry X-mas or MRCR decrypter is available here: http://www.majorgeeks.com/files/details/emsisoft_decrypter_for_mrcr.html.
Source: Bleeping Computer
