Hackers giving up on crypto ransomware. Now they just lock up device, hope you pay
Talks Tor, abuses kidnapped machines but doesn’t encrypt
Malware slingers have gone back to basics with the release of a new strain of ransomware malware that locks up compromised devices without encrypting files.
The infection was discovered on a porn site that redirects users to an exploit kit that pushes the ransom locker malware. Researchers at Cyphort Labs who discovered the threat said it was the first of its kind that they had seen in some time.
The success of file-encrypting ransomware such as CryptoLocker, CryptoWall, Locky has rendered earlier system locker malware unfashionable if not obsolete. Ransom lockers can be normally be cleaned by using “rescue discs”, unlike file-scrambling malware strains.
The latest strain represents an advancement of ransom locker malware as it is using Tor to communicate to its command and control servers. The Windows nasty prevents users from booting in safe mode.
Researchers at Cyphort Labs conclude that the malware slingers are testing the waters with a strain of malware that still in its early stages of development.
“This new discovery is an advancement of ransom locker malware as it is using Tor to communicate to its CnC servers,” Cyphort’s Paul Kimayong explains in a blog post. “By using Tor, the attacker adds a layer of anonymity while doing its malicious activity.”
“Also, while the attacker got your machine kidnapped, they created a Tor hidden service that allows the attacker to utilise your system for bitcoin payments or other malicious activity,” Kimayong added. ®