News

RIG exploit recruitment operators began to distribute the ERIS coder over the network

Security experts have long spoken about reducing the activity of exploit kits, many of them still remain “in service”, continue to improve and change the payload.

One of these long-known players’ researchers is the RIG exploit kit.

Recently, experts noticed that RIG began to distribute Eris encrypter, first seen in May 2019. Researcher Michael Gillespie was first to discovere an extortionist, when the malware appeared on the ID Ransomware.

Now an independent information security specialist, known under the pseudonym nao_sec, noticed that the new campaign of RIG uses Eris as the payload.

“A malvertising campaign using the popcash ad network is redirecting users to the RIG exploit kit. The kit will attempt to exploit a Shockwave (SWF) vulnerability in the browser. If successful, it will automatically download and install the ERIS Ransomware on to the computer”, — reported nao_sec.

The extortionist encrypts files of his victims, changing their extensions to .ERIS.

ERIS Encrypted Files

In each folder that was scanned, the extortionist also creates a redemption note with the name @ READ ME TO RECOVER FILES @ .txt, which instructs the victim to contact Limaooo@cock.li for payment instructions. A unique identifier is included in this ransom note, which the victim must send to the ransomware developer so that he can perform a free test transcript of a single file.

The researchers note that, unfortunately, there is no way to decrypt the files affected by Eris, without paying the ransom to the attackers.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Kabatibly.co.in Pop-up Ads

About Kabatibly.co.in Kabatibly.co.in pop-ups can not introduce out of nowhere. If you have clicked some…

19 hours ago

Remove Reditarcet.co.in Pop-up Ads

About Reditarcet.co.in Reditarcet.co.in pop-ups can not introduce out of the blue. If you have clicked…

19 hours ago

Remove Everestpeak.top Pop-up Ads

About Everestpeak.top Everestpeak.top pop-ups can not open out of the blue. If you have actually…

23 hours ago

Remove Firm-jawed.yachts Pop-up Ads

About Firm-jawed.yachts Firm-jawed.yachts pop-ups can not launch out of nowhere. If you have clicked some…

23 hours ago

Remove Anapurnatop.top Pop-up Ads

About Anapurnatop.top Anapurnatop.top pop-ups can not expose out of nowhere. If you have clicked on…

23 hours ago

Remove Boomira.com Pop-up Ads

About Boomira.com Boomira.com pop-ups can not open out of nowhere. If you have clicked on…

24 hours ago