Computer viruses and malware are known to evolve rapidly to stay a step ahead of antivirus and cybersecurity software. But sometimes hackers make a quick buck by reusing the same malicious application under different names. While the effectiveness of such recycled ransomware is questionable, given the availability of solutions to deal with these threats, the criminals behind it have started to opt for a more localized approach to infecting systems.
A new ransomware in Brazil, “.one”, is one such case: it recycles code from the previously known XPan ransomware to create a moderately effective malicious program capable of earning money for its owners. Reports indicate that “.one” has to be propagated by manually installing and executing the malware over insecure Remote Desktop Protocol (RDP) connections. Once the system is infected, the victim receives a ransom note asking him/her to contact the listed email address (one@proxy.tg) with a unique ID to obtain further details for the ransom payment.
The ransomware, suspected to be distributed by a group of small-time cybercriminals, has already affected many computers belonging to small and medium businesses in the country. The similarities between XPan and .one were found during an in-depth analysis of the malicious program. They include the targeted file extensions, the ransom note, the commands executed before and after the encryption process and even the criminals’ public RSA keys. However, it seems the .one ransomware stunt is not going to be profitable for its creators for long. Kaspersky has announced that it has successfully cracked the encryption, just as it did for its predecessor, XPan.
The cybersecurity firm claims to have already helped a few businesses recover their files without having to pay the 0.3 BTC ransom. Since the threat is believed to be localized, Kaspersky advises victims of the attack not to pay the ransom. Instead, they can contact the company’s customer support, which will assist them through the decryption process.
Meanwhile, there are indications of an increase in the number of localized threats confined to specific geographies. This development not only increases the workload for computer security firms that have to address them but also hampers the flow of information about the attacks, as such small, targeted campaigns often go unreported until the threat’s prevalence increases.
Ref: Secure List | Image: Kaspersky