Connect with us

The Online Technology

DeathRansom, started as a mere joke is now encrypting files! – E Hacking News


Security Watch

DeathRansom, started as a mere joke is now encrypting files! – E Hacking News

[ad_1]

A ransomware strain named DeathRansom, which was considered a joke earlier, evolved and is now capable of encrypting files, cyber-security firm Fortinet reports.
This DeathRansom after becoming an actual malware, was backed by a solid distribution campaign and has been taking victims daily in the last two months.

 Initially considered a joke – didn’t encrypt anything 

 When it was first reported in Nov 2019, the DeathRansom version didn’t encrypt anything and was deemed a mere joke. The infection left a simple ransom note and even though some people fell for the scam and paid the ransom demand, it didn’t do much anything else.

All the user had to do was to remove the second extension from the file to regain access.

 Now, a new version is released that actually works and will encrypt your files! 

 The developers seems to have evolved the malware further with a solid encryption scheme that works as an actual ransomware.
According to Fortinet, “the new DeathRansom strains use a complex combination of Curve25519 algorithm for the Elliptic Curve Diffie-Hellman (ECDH) key exchange scheme, Salsa20, RSA-2048, AES-256 ECB, and a simple block XOR algorithm to encrypt files.”

Real Life. Real News. Real Voices

Help us tell more of the stories that matter

Become a founding member

 Researchers and security experts are searching leek ways and implementation faults in the ransomware.

 The DeathRansom Author

 Fortinet examined the DeathRansom source code and the websites distributing the malware payloads and were able to track down the ransomware author and developer.
The developer is a malware operator linked to various cyber crimes campaigns over the past few years. Prior to DeathRansom, the malware operator used to infect users with multiple password stealers (Vidar, Azorult, Evrial, 1ms0rryStealer) and cryptocurrency miners (SupremeMiner).

 Fortinet linked these crimes to young Russian named Egor Nedugov, living in Aksay, a small Russian town near Rostov-on-Don.
Fortinet said,”They are very confident they found the right man behind DeathRansom, and that they found even more online profiles from the same actor which they didn’t include in their report.”

 As of now, DeathRansom is being distributed through phishing emails. Fortinet says it’s working on finding any faults in the encryption scheme of the ransomware and creating a free decrypter to help victims.



[ad_2]

Source link

Subscribe to the newsletter news

We hate SPAM and promise to keep your email address safe

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top