
Ransomware Disguised as Windows Activator

August 31, 2018 | Simeon Georgiev

Ransomware removal experts recently found a new strategy for spreading ransomware: the newly discovered ransomware poses as a Windows Activator. It propagates with the help of network drives. According to the experts, the ransomware contains a configuration function that is not visible. This function exploits the victim’s PC and scans the disk so that the ransomware can proceed to the encryption process.

While investigating this new development, ransomware removal experts found that the ransomware was developed with the CryptoPP library. This open source library helps the ransomware encrypt the initial 0x500000 bytes of data files on compromised PCs. Afterwards, the Advanced Encryption Standard (AES) cryptographic algorithm starts to completely encrypt the files.

Subsequently, the ransomware adds an extension to all affected files by appending ‘keypass’ to the end of the file names. A ransom note is also provided. It demands a payment of $300 with a deadline of 3 days, and promises decryption of the affected files in return for payment.
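For responders scoping an incident, the two indicators described above (the ‘keypass’ suffix and the 0x500000-byte initial region) can be checked with a short triage script. This is an added example, not code from the original article or from the experts it cites; the sample size, the entropy threshold and all function names are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

HEAD_LEN = 0x500000   # size of the initial region the article says is encrypted
SUFFIX = "keypass"    # marker the article says is appended to file names
SAMPLE = 1 << 16      # bytes sampled per region (assumption, keeps triage fast)
HIGH = 7.5            # bits/byte at or above which data "looks encrypted" (assumption)


def entropy(data):
    """Shannon entropy in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root):
    """Report every file under root whose name ends in SUFFIX, with an entropy
    verdict for the head region and for the data just past HEAD_LEN."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE)
                fh.seek(HEAD_LEN)
                tail = fh.read(SAMPLE)  # empty when the file is <= HEAD_LEN bytes
            rows.append({
                "path": path,
                "head_encrypted": entropy(head) >= HIGH,
                # None means the file has no data beyond the initial region
                "tail_encrypted": entropy(tail) >= HIGH if tail else None,
            })
    return rows


def demo():
    """Run triage over constructed sample files (random head, plain-text tail)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "report.docx.keypass"), "wb") as fh:
            fh.write(os.urandom(HEAD_LEN) + b"plain text line\n" * 8192)
        with open(os.path.join(d, "notes.txt"), "wb") as fh:
            fh.write(b"untouched\n")
        return triage(d)
```

A row with `head_encrypted` true and `tail_encrypted` false marks a file whose data past the initial region still reads as plain content, which is worth knowing before choosing a recovery approach.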

Ransomware removal experts have stated that the cyber pandemic of ransomware spreading across the world has become a great business model for cybercriminals. For this purpose, cybercriminals use cyber threats like worms and trojans to infect victims’ PCs. Now they have come up with the novel idea of spreading their ransomware in the guise of a fake Windows Activator.

Alarmingly, several company servers were found to have been attacked last year. It was estimated that almost 15 percent of the ransomware attacks were intended for SMEs (Small and Medium Enterprises). SMEs are seen as lucrative targets for ransomware attacks because their corporate and business data is expected to be more sensitive and less secure. Hence, maximum ransom money can be generated through the exploitation of such businesses.

 

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]