Published on: January 31st, 2018
Security researchers have discovered a new strain of ransomware that encrypts users' files and redirects victims to an online page to pay the ransom via credit/debit card.
The ransomware is not under active distribution and appears to be still under development. The first samples, spotted by security researcher MalwareHunter, date back to January 15.
The ransomware identifies itself as MindLost, but Microsoft detects it as Paggalangrypt.
The ransomware works and does encrypt files. It targets a small number of file extensions but will search for files on all storage devices, with the exception of folders containing the strings:
Windows
Program Files
Program Files (x86)
The biggest clue that MindLost is still under development is that this filter is not active yet. Searching and encrypting files on all storage media is time-consuming, so current MindLost samples bypass this behavior and only encrypt files in the “C:\Users” folder. Stable versions will likely not feature this filter.
The file types it targets are:
.c
.jpg
.mp3
.mp4
.pdf
.png
.py
.txt
All encrypted files receive a new .enc extension; for example, a file named image.png becomes image.png.enc.
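The extension list and the appended .enc suffix above can be turned into a simple detection rule. The following is an added example, not code from the article or from the malware: it flags any process that renames several targeted file types to the same name plus .enc within a short window. The function names, the event tuple format, the threshold and the window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from ntpath import splitext  # Windows path rules regardless of host OS

# Indicators taken from the article: targeted extensions and the appended suffix.
TARGET_EXTS = {".c", ".jpg", ".mp3", ".mp4", ".pdf", ".png", ".py", ".txt"}
SUFFIX = ".enc"

def is_mindlost_rename(old_path, new_path):
    """True when new_path is old_path plus '.enc' and old_path has a targeted extension."""
    old, new = old_path.lower(), new_path.lower()
    return new == old + SUFFIX and splitext(old)[1] in TARGET_EXTS

def flag_processes(events, threshold=3, window=60):
    """Return {process: count} for processes with >= threshold matching renames
    inside any sliding window of `window` seconds (both values are assumptions).
    events: iterable of (epoch_seconds, process, old_path, new_path)."""
    hits = defaultdict(list)
    for ts, proc, old, new in events:
        if is_mindlost_rename(old, new):
            hits[proc].append(ts)
    flagged = {}
    for proc, stamps in hits.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[proc] = best
    return flagged

# Constructed sample events (not taken from a real incident or from the article).
SAMPLE_EVENTS = [
    (100, "unknown.exe", r"C:\Users\a\image.png", r"C:\Users\a\image.png.enc"),
    (101, "unknown.exe", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.txt.enc"),
    (103, "unknown.exe", r"C:\Users\a\Song.MP3", r"C:\Users\a\Song.MP3.enc"),
    (104, "unknown.exe", r"C:\Users\a\report.docx", r"C:\Users\a\report.docx.enc"),
    (110, "backup.exe", r"C:\Users\a\db.txt", r"C:\Users\a\db.txt.enc"),
    (500, "backup.exe", r"C:\Users\a\log.txt", r"C:\Users\a\log.txt.enc"),
    (105, "explorer.exe", r"C:\Users\a\old.png", r"C:\Users\a\new.png"),
]

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

The .docx rename is ignored because that extension is not in the article's list, and the two widely spaced renames by the second process stay under the threshold.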
Once the encryption ends, the MindLost ransomware will download an image from the below URL and set it as the computer’s new desktop wallpaper. This image contains instructions for recovering files.
MindLost ransom note
For persistence, MindLost also sets a registry key to ensure its executable is started after every reboot.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run
The ransom note instructs users to visit the following URL to buy a decrypter app that will decrypt files.
http://mindlost.azurewebsites[.]net