The sphere of ransomware is expanding with time. Cybercriminals all over the world are now trying their luck in cryptovirological cyber attacks that promise quick payouts. Last month, a team of cyber malware hunters identified a cryptovirological strain developed and distributed by Indian operators, called RansomWarrior. This might be the first instance when security experts have discovered a ransomware strain originating from this region.
Work of Rookie
In the last two weeks, experts were analyzing the source code of the discovered cryptovirological strain that goes with the name RansomWarrior. It has been found out that the given ransomware is a work of amateur cryptovirological operators. There are multiple reasons why security researchers have come to this conclusion.
- The executable file used by the operators is not packed and obfuscated the way it usually is in the majority of cryptovirological strains.
- In addition, stream cipher is the encryption module used by the operators. This encryption algorithm is worked out on the binary platform and can be easily deciphered through the existing log of decryptors.
This means affected users don’t have to pay anyone for ransomware removal. They can easily do it on their own. However, it is always better to get the services of ransomware removal experts to ensure the complete disinfection of the affected device.
Like most of the ransomware operators, the perpetrators of RansomWarrior also demanded the ransom in Bitcoin. Interestingly, they also ‘advise’ older users to get help from younger acquaintances if they couldn’t understand the process of ransom payment for ransomware removal.
Several recent surveys suggest that cryptojacking is taking the lead on ransomware attacks. However, such cases demonstrate that there is still plenty of room for cybercriminals who are interested in locking down computers for the sake of extortion money. It is important to note that developing countries haven’t experienced the menace of ransomware with all its fury so far.
