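Security experts have long talked about the decline in exploit kit activity, yet many of these kits remain "in service", are continually improved, and keep changing their payloads. One of these long-known players is the RIG exploit kit.
Recently, experts found that RIG has started distributing the Eris encryptor, first seen in May 2019. Researcher Michael Gillespie was the first to discover the ransomware, when the malware appeared on ID Ransomware.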
Now an independent information security specialist, known under the pseudonym nao_sec, has noticed that a new RIG campaign uses Eris as its payload.
“A malvertising campaign using the popcash ad network is redirecting users to the RIG exploit kit. The kit will attempt to exploit a Shockwave (SWF) vulnerability in the browser. If successful, it will automatically download and install the ERIS Ransomware on to the computer”, nao_sec reported.
The ransomware encrypts its victims' files, changing their extensions to .ERIS.
In each folder that was scanned, the ransomware also creates a ransom note with the name @ READ ME TO RECOVER FILES @ .txt, which instructs the victim to contact Limaooo@cock.li for payment instructions. A unique identifier is included in this ransom note, which the victim must send to the ransomware developer so that he can perform a free test decryption of a single file.
The researchers note that, unfortunately, there is no way to decrypt the files affected by Eris without paying the ransom to the attackers.