New Ransomware Hits Top Three
Posted by: Timothy Weaver on 09/15/2015 09:45 AM
Kaspersky has discovered one of the top three ransomware threats, which uses the encryption extensions “.xtbl” and “.ytbl”. The encrypted files are not repairable at this time.
Kaspersky researchers have named the threat Ransom.Win32.Shade. Other security firms have detected it as Trojan.Encoder.858 and Ransom:Win32/Troldesh.
The Trojan itself, which has mostly infected systems in Russia, Ukraine and Germany, hasn't really evolved, although “the format of the encrypted file's name, the C&C server addresses and the RSA keys have been changing.”

A victim visiting a compromised site—either one that belongs to cybercriminals or a site that has been hacked—is unwittingly infected.
Kaspersky explained that the victim typically has no clue that the site is compromised: “malicious code on the website exploits a vulnerability in the browser or a plugin, and the Trojan is then covertly installed in the system,” the post said. “Unlike the spam delivery method, the victim doesn't even have to run an executable file.”
Source: SCMagazine