Security experts hebben lang gesproken over het verminderen van de activiteit van exploit kits, velen van hen blijven nog steeds "in dienst", blijf de payload verbeteren en wijzigen.
dene of these long-known players’ onderzoekers is de RIG-exploitkit.Kort geleden, experts merkten op dat RIG Eris-encrypter begon te distribueren, voor het eerst gezien in mei 2019. onderzoeker Michael Gillespie was first to discovere an extortionist, when the malware appeared on the ID Ransomware.
Now an independent information security specialist, known under the pseudonym geen_sec, noticed that the new campaign of RIG uses Eris as the payload.
“A malvertising campaign using the popcash ad network is redirecting users to the RIG exploit kit. The kit will attempt to exploit a Shockwave (SWF) vulnerability in the browser. If successful, it will automatically download and install the ERIS Ransomware on to the computer”, — reported nao_sec.
The extortionist encrypts files of his victims, changing their extensions to .Over ERIS.
In each folder that was scanned, the extortionist also creates a redemption note with the name @ READ ME TO RECOVER FILES @ .txt, which instructs the victim to contact Limaooo@cock.li for payment instructions. A unique identifier is included in this ransom note, which the victim must send to the ransomware developer so that he can perform a free test transcript of a single file.
The researchers note that, helaas, there is no way to decrypt the files affected by Eris, without paying the ransom to the attackers.
