Hacked Remote Desktop infected with a LockCrypt .1BTC Variant

March 15, 2018, by Simeon Georgiev

New information has emerged about the reemergence of a new and improved version of the LockCrypt ransomware, which is being distributed via hacked Remote Desktop services. The first difference between the two versions is that this one encrypts a victim's files and then appends the .1btc extension to mark every affected file. The previous version hid the changes in the extension, signaling that it wanted the compromise of the PC to remain undetected. A specific ransomware removal scan would have to be run in order to detect and remove the ransomware.

What the two versions have in common is that the attackers look for accessible computers running Remote Desktop Services and try to force the login credentials to gain control. Once the attackers have broken through the firewall and other defenses, they look to execute the ransomware on as many computers across the network as possible.

After the ransomware has been executed, it encrypts the affected computer or computers. The ransomware developers then provide contact information so that the victim can arrange to pay the ransom. If multiple machines need decryption, the victim will be able to pay a reduced price.

The new version works in a similar fashion. The developers have also changed their email addresses, as reports began emerging that several police complaints had been filed to track down the suspected developers of this ransomware. The change in the extension is another feature that differentiates the two versions. The current variant has been in distribution since the tail end of December 2017. The ransomware begins its attack by encoding the file names with Base64. Afterwards, it appends the .1btc extension.
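The renaming pattern described above can be used to scope an incident from a file listing. The following is an added example, not code from the article or from the ransomware; it assumes the on-disk name is exactly the Base64 of the original file name followed by `.1btc`, and the paths in `SAMPLE` are constructed.

```python
import base64
from pathlib import PureWindowsPath

MARKER = ".1btc"  # extension named in the article
BAD_CHARS = set('\\/:*?"<>|')  # characters not allowed in Windows file names


def recover_name(encrypted_name):
    """Return the original file name, or None if the name does not fit the pattern."""
    if not encrypted_name.lower().endswith(MARKER):
        return None
    stem = encrypted_name[: -len(MARKER)]
    if not stem:
        return None
    # Assumption: accept the URL-safe alphabet and stripped padding as well.
    stem = stem.replace("-", "+").replace("_", "/")
    stem += "=" * (-len(stem) % 4)
    try:
        name = base64.b64decode(stem, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # A stem such as "test" is valid Base64 by accident; keep plausible names only.
    if not name or not name.isprintable() or BAD_CHARS & set(name):
        return None
    return name


def triage(paths):
    """Group affected files by folder as (encrypted name, recovered name) pairs."""
    report = {}
    for raw in paths:
        path = PureWindowsPath(raw)
        original = recover_name(path.name)
        if original is not None:
            report.setdefault(str(path.parent), []).append((path.name, original))
    return report


# Constructed sample listing, e.g. the output of a recursive directory walk.
SAMPLE = [
    r"C:\Users\alice\Documents\cmVwb3J0LmRvY3g=.1btc",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Shares\finance\YnVkZ2V0Lnhsc3g=.1btc",
    r"C:\Shares\finance\not-base64!.1btc",
]

if __name__ == "__main__":
    for folder, hits in triage(SAMPLE).items():
        print(folder, len(hits), [original for _, original in hits])
```

Recovering a name does not decrypt the file contents; the report only shows which folders were hit and what the files were originally called.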

It has yet to emerge just how much the developers of this ransomware are asking for. Attempts to remove the ransomware with different tools have failed. The developers state in their ransom notes that the price for decryption will be in Bitcoin. Allegedly, the ransom could be as much as 1 BTC per PC.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]
© 2020 MonsterCloud.com. All Rights Reserved.