Every other day, cybersecurity researchers discover new cryptovirological strains. In most cases, the discovered strains show regular activity, i.e. locking down the data on targeted devices and then demanding money for ransomware removal. However, malware hunters have identified an anomaly in a new cryptovirological discovery. A new strain that goes by the name ‘CommonRansomware’ contains a unique demand in its ransom note. As per the preliminary investigation, the operators of this newly discovered ransomware are not just asking for money to provide ransomware removal, but are also directing the victims to provide them with their respective RDP credentials.
Experts are still trying to make sense of this outrageous demand by the operators of CommonRansomware. Why would anyone give away their RDP credentials for ransomware removal on a single device while putting the security of multiple devices in jeopardy?
The strain appends to the affected files an extension that contains the email ID of the attackers and the word ‘CommonRansomware’. Moreover, the operators give victims a very tight deadline of 12 hours to get in touch with them for ransomware removal. They threaten to delete the decryption key after 12 hours to cause permanent loss of the encrypted data.
In order to prove that they have the decryption key, CommonRansomware operators also offer free decryption of one text file of less than 10 MB in size. However, they make sure that the decrypted file does not contain any critical information.
Apart from RDP credentials, the attackers also want 0.1 Bitcoin for providing the decryption key. It has also been found that the Bitcoin address provided in the ransom note has been used in many previous ransomware activities as well. Revealing RDP credentials to the criminals is a recipe for further cyber disaster. So, make sure you deal with the attack through professional help instead of paying heed to the attackers’ demand.