You may be interested to know that a fix for the newly rebranded CryptoHitman (formerly Jigsaw Ransomware) has been published.
This is a unique ransomware variant which actively deletes a victim’s files if a ransom is not paid. However, the relatively low sums demanded have left many wondering as to the motives of the criminals behind it. Are they really in it for the money, or are they more interested in causing users the maximum inconvenience?
CryptoHitman uses AES encryption to prevent computer users from accessing their own files. In addition, it installs a locker screen, showing the main character from the Hitman video game franchise alongside numerous pornographic images. Additionally, .porno and .pornoransom extensions are added to all encrypted files. These are the only major changes from its original incarnation as Jigsaw Ransomware – which was named after the infamous ‘Saw’ villain.
Hackers say that, to remove the encryption, a ransom payment is required to the firstname.lastname@example.org email address. In the meantime, a clock counts down at one hour intervals throughout the process, at which point a section of files are deleted. If the user forces restarts to try and stop the clock, those files are deleted anyway.
Of course, paying out is not the recommended option, as it not only rewards the cybercriminals but often the data – once returned – has been so corrupted that it proves to be of little to no use anyway.
No specific figures have been unveiled for the new incarnation, but Jigsaw Ransomware used to demand between £14 and £140 from infected users. If no money was proffered within 72 hours, the hard drive was wiped.
Zero-Day Warning! Ransomware targets Microsoft Office 365 Users;
Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools.
According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments.
Using the legitimate Macro commands associated with office documents, the malware instigated a connection to web site that harboured the crypto threat, in summary the doc was harmless, it was the file that the macro automatically downloaded that posed the real risk. Read the full post here: http://www.avanan.com/resources/attack-on-office-365-corporate-users-with-zero-day-ransomware-virus
Avanan estimates that roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of the attack. This attack seems to be a variation of a virus originally detected on network mail servers back in early March of this year.
As always feel free to contact us for more information or advice.