New Ransomware Acts Like Worm
Posted by: Timothy Weaver on 05/28/2016 10:12 AM
[
Comments
]
A new form of ransomware, according to Microsoft’s Threat Research & Response blog, is making the rounds among Windows users and has the ability to move itself to infect other media.
Dubbed Ransom:Win32/ZCryptor.A, the malware is able to spread itself to thumb drives and networked drives. This is a new trend in ransomware.
Trend Micro researcher Michael Jay Villanueva said: "This ransomware is one of the few ransomware families that is capable of spreading on its own. It drops a copy of itself in removable drives, making use of USBs a risky practice."
The malware is spread by normal methods such as spam emails, macro malware or through fake Flash Player installers. It installs an autorun.inf in removable drives and also changes the file attributes to hide itself if the user opens file explorer.
Once it is activated, it encrypts the uses files and shows a ransom note demanding 1.2 bitcoin ($500). If the payment is not made in 4 days, the ransom increases to 5 bitcoins.
Source: SCMagazine
Dubbed Ransom:Win32/ZCryptor.A, the malware is able to spread itself to thumb drives and networked drives. This is a new trend in ransomware. Trend Micro researcher Michael Jay Villanueva said: "This ransomware is one of the few ransomware families that is capable of spreading on its own. It drops a copy of itself in removable drives, making use of USBs a risky practice."
The malware is spread by normal methods such as spam emails, macro malware or through fake Flash Player installers. It installs an autorun.inf in removable drives and also changes the file attributes to hide itself if the user opens file explorer.
Once it is activated, it encrypts the uses files and shows a ransom note demanding 1.2 bitcoin ($500). If the payment is not made in 4 days, the ransom increases to 5 bitcoins.
Source: SCMagazine
Comments
