A new payload of the RIG exploit kit was discovered by the research team nao_sec, which specializes in tracking exploit packs. According to the researchers, RIG exploits vulnerabilities in the Internet Explorer browser to deliver the Buran ransomware to target devices. Once on the machine, Buran copies itself to %APPDATA%\microsoft\windows\ctfmon.exe and then proceeds to encrypt the victim's data.
According to the analysts, the new malware does not delete volume shadow copies, does not disable the Windows automatic recovery mechanism, and does not clear the event logs.
The ransomware encrypts all files on the disk except for objects on its stop list. Encryption does not touch files with the extensions COM, EXE, DLL and SYS, as well as some other formats. In addition, the ransomware skips about forty folders whose contents, if encrypted, could interfere with the operation of the device.
A unique identifier is generated for the infected computer, which Buran also uses as the extension of the encrypted files. The message to the victim is placed in a text file named !!! your files are encrypted !!!.txt. The attackers tell the victim to contact them by e-mail to obtain the key and warn against attempting to recover the data on their own.
The researchers note that the malware creates entries under the registry key HKEY_CURRENT_USER\Software\Buran that resemble a public and a private encryption key, but it is not known whether the encrypted data can be recovered using them.
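The artifacts listed above (the dropped ctfmon.exe copy under %APPDATA%, the ransom-note filename and the HKEY_CURRENT_USER\Software\Buran key) are enough for a quick host triage. The script below is an added example written for this article, not code from nao_sec or BleepingComputer. It assumes the analyst has already exported a host's file listing and registry key paths (for instance from a forensic image or an EDR export); the sample inventory and the `C:\Users\victim` profile path are constructed for the demonstration. It goes one step beyond the article's exact path: because the legitimate ctfmon.exe lives in C:\Windows\System32 (or SysWOW64), any ctfmon.exe found outside those directories is flagged as well.

```python
"""Triage helper for the Buran indicators described in the article.

Added example (not the researchers' own tooling). Inputs are a list of
file paths and a list of registry key paths collected from a host;
the sample data at the bottom is constructed, not real host data.
"""
import ntpath

# Indicators taken from the article; comparisons are case-insensitive.
DROPPED_BINARY = r"%APPDATA%\microsoft\windows\ctfmon.exe"
RANSOM_NOTE = "!!! your files are encrypted !!!.txt"
REGISTRY_KEY = r"HKEY_CURRENT_USER\Software\Buran"

# Directories where a genuine ctfmon.exe is expected (well-known Windows fact,
# not something the article states).
LEGIT_CTFMON_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def normalise(path):
    """Unify separators and case so matching is not fooled by spelling differences."""
    return path.replace("/", "\\").lower()


def expand_appdata(path, appdata):
    """Replace the %APPDATA% placeholder with the user's real Roaming path (assumed)."""
    return path.replace("%APPDATA%", appdata)


def find_indicators(file_paths, registry_keys,
                    appdata=r"C:\Users\victim\AppData\Roaming"):
    """Return (indicator_type, artifact) pairs for every match in the inventory."""
    hits = []
    dropped = normalise(expand_appdata(DROPPED_BINARY, appdata))

    for path in file_paths:
        n = normalise(path)
        name = ntpath.basename(n)
        if n == dropped:
            hits.append(("dropped_binary", path))
        elif name == RANSOM_NOTE.lower():
            hits.append(("ransom_note", path))
        elif name == "ctfmon.exe" and not any(d in n for d in LEGIT_CTFMON_DIRS):
            # Generalisation: ctfmon.exe anywhere outside the system directories
            # is suspicious, even if the exact %APPDATA% path differs.
            hits.append(("ctfmon_outside_system", path))

    key_prefix = normalise(REGISTRY_KEY)
    for key in registry_keys:
        if normalise(key).startswith(key_prefix):
            hits.append(("registry_key", key))
    return hits


# Constructed sample inventory: one clean host artifact per category plus
# one of each indicator.
SAMPLE_FILES = [
    r"C:\Windows\System32\ctfmon.exe",                                  # legitimate
    r"C:\Users\victim\AppData\Roaming\microsoft\windows\ctfmon.exe",    # dropped copy
    r"C:\Users\victim\Documents\!!! YOUR FILES ARE ENCRYPTED !!!.txt",  # ransom note
    r"C:\Users\victim\Documents\report.docx",                           # ordinary file
    r"C:\Temp\ctfmon.exe",                                              # out-of-place copy
]
SAMPLE_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows",
    r"HKEY_CURRENT_USER\Software\Buran",
]

if __name__ == "__main__":
    for kind, artifact in find_indicators(SAMPLE_FILES, SAMPLE_KEYS):
        print(f"{kind:24} {artifact}")
```

Because the article reports that Buran leaves volume shadow copies and the Windows recovery mechanism intact, a positive hit from this triage is also the cue to preserve the host before any cleanup, since those copies may still hold recoverable data.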
RIG is currently one of the most active exploit packs. It replaced the Angler, Nuclear and Neutrino kits in 2016. RIG operators are frequently hired to distribute ransomware, and at various times the kit has delivered Matrix, Locky, CryptoShield and GandCrab.
Despite the general decline in the use of ready-made exploit kits, RIG regularly draws the attention of security researchers. Last summer, for instance, it was spotted in the CEIDPageLock rootkit campaign.
Source: https://www.bleepingcomputer.com