BitcoinStealer Ransomware

July 25, 2018, by Simeon Georgiev

One of the problems with ransomware attacks is that anyone can go back to an older strain and modify it to suit their own nefarious purposes. According to ransomware removal experts, this strategy was recently used by a ransomware called BitcoinStealer, which was modified for Bitcoin theft.

The ransomware is able to change cryptocurrency wallet addresses and transfer funds from them to remote addresses of the cybercriminals. The editing done in the source code is minimal. Hence, according to ransomware removal experts, anti-ransomware tools will still be able to identify it.

Origins Leading to Jigsaw

Ransomware removal experts noted the ransomware’s resemblance to a notorious ransomware known as Jigsaw. Jigsaw was discovered in mid-2016 and was distinctive because of its display picture of “Jigsaw”, a villainous figure from the popular horror movie franchise Saw.

Jigsaw’s code was open-source and spread throughout the Internet. Therefore, ransomware removal experts believe that BitcoinStealer cannot necessarily be attributed to Jigsaw’s original team. Jigsaw Ransomware was written in C#, one of the most common programming languages, which means that it is easy for computer science graduates to tinker with the code and launch their own attacks.

How It Works

In the recent attack, the cybercriminals associated with BitcoinStealer have cleverly analyzed one of the latest trends of 2018, namely Bitcoin trading. Bitcoin is the most profitable asset today as its worth increased from $1 to more than $7000 in less than 10 years.

The ransomware’s name was found within the code, in which it was labeled as “BitcoinStealer”. The ransomware works by changing the wallet address held in the clipboard, so that the Bitcoin is sent to the hackers instead.

This strategy works because the starting characters of the hacker’s wallet address are similar to those of the victim’s wallet address, and victims are fooled because they do not read the address completely. Hence, ransomware removal experts have recommended checking a wallet’s address completely.
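The clipboard swap described above leaves a recognizable trace: one address-shaped string replacing a different one almost immediately after a copy. The following Python is an added example, not code from this article or from the malware; the event list, both addresses, and the 2-second window are constructed assumptions.

```python
import re

# Shape check for legacy (Base58) and bech32 Bitcoin addresses; not a checksum check.
ADDR_RE = re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$")

# Constructed placeholder addresses that share their first 8 characters.
VICTIM = "1Abc9xKq" + "VictimAddr" + "X" * 14
ATTACKER = "1Abc9xKq" + "AttackerAddr" + "X" * 12

# Constructed clipboard observations: (timestamp in seconds, clipboard text).
EVENTS = [
    (0.0, "meeting notes"),
    (10.0, VICTIM),      # user copies the intended address
    (10.2, ATTACKER),    # clipboard content changes a moment later
    (100.0, VICTIM),
    (130.0, ATTACKER),   # slow change: treated as a deliberate second copy
]

def common_prefix_len(a, b):
    """Number of leading characters two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def find_swaps(events, window=2.0):
    """Flag an address that replaces a different address within `window` seconds.
    Assumed heuristic: a person rarely copies two different addresses that fast."""
    alerts = []
    prev_t, prev_text = None, None
    for t, text in events:
        text = text.strip()
        if (prev_text is not None and ADDR_RE.match(text) and ADDR_RE.match(prev_text)
                and text != prev_text and t - prev_t <= window):
            alerts.append({"time": t, "copied": prev_text, "replaced_by": text,
                           "shared_prefix": common_prefix_len(prev_text, text)})
        prev_t, prev_text = t, text
    return alerts

def safe_to_send(intended, pasted):
    """Full-string comparison, the check the article recommends."""
    return intended.strip() == pasted.strip()

if __name__ == "__main__":
    for alert in find_swaps(EVENTS):
        print(alert)
    print("first 5 chars match:", VICTIM[:5] == ATTACKER[:5])
    print("safe to send:", safe_to_send(VICTIM, ATTACKER))
```

Both placeholder addresses pass the shape check, so only comparing the whole string separates them.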

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]