Zuhause » Nachrichten » RIG ausnutzen Rekrutierung Betreiber begann die ERIS Coder über das Netzwerk zu verteilen

RIG ausnutzen Rekrutierung Betreiber begann die ERIS Coder über das Netzwerk zu verteilen

Security experts have long spoken about reducing the activity of exploit kits, many of them still remain “in service”, continue to improve and change the payload.

diene of these long-known playersresearchers is the RIG exploit kit.

Vor kurzem, experts noticed that RIG began to distribute Eris encrypter, first seen in May 2019. Forscher Michael Gillespie was first to discovere an extortionist, when the malware appeared on the ID Ransomware.

Now an independent information security specialist, known under the pseudonym nao_sec, noticed that the new campaign of RIG uses Eris as the payload.

“A malvertising campaign using the popcash ad network is redirecting users to the RIG exploit kit. The kit will attempt to exploit a Shockwave (SWF) vulnerability in the browser. If successful, it will automatically download and install the ERIS Ransomware on to the computer”, — reported nao_sec.

The extortionist encrypts files of his victims, changing their extensions to .ERIS.

ERIS Encrypted Files
ERIS Encrypted Files

In each folder that was scanned, the extortionist also creates a redemption note with the name @ READ ME TO RECOVER FILES @ .txt, which instructs the victim to contact Limaooo@cock.li for payment instructions. A unique identifier is included in this ransom note, which the victim must send to the ransomware developer so that he can perform a free test transcript of a single file.

The researchers note that, unfortunately, there is no way to decrypt the files affected by Eris, without paying the ransom to the attackers.

[Gesamt:0    Durchschnitt: 0/5]
LESEN  Dharma Bum Ransomware gelernt, wie man auf rechtliche Antiviren-Programme Parasite

Über Trojan Mörder

Tragen Sie Trojan Killer-Portable auf Ihrem Memory-Stick. Achten Sie darauf, dass Sie in der Lage sind, Ihr PC keine Cyber-Bedrohungen widerstehen zu helfen, wo immer Sie sind.

überprüfen Sie auch

Trojan Bolik Masken unter NordVPN

Bank Bolik Trojan Masken selbst unter NordVPN

Doctor Web Experten davor gewarnt, dass Angreifer verwenden Kopien von beliebten Dienste Websites Bolik zu verteilen …

Tor DDoS-Angriffe sind billig

DDoS-Attacken, die langsame Leistung Tor-Netzwerk recht billig sind

Experten von der Georgetown University und der US-Marine Research Laboratory präsentiert einen interessanten Bericht an …

Hinterlasse eine Antwort