Malware asks for payment in BitCoins for ransom of informa …

March 31, 2014

BitcoinFrom an email with an attached image, a malware is downloaded that encrypts the system files and asks the victim to make a payment in order to obtain the key that would allow them to access the documents

The ESET Latin America Research Laboratory identified a malware that encrypts files, documents and images system and then request a ransom in BitCoins through a site hosted on the Deep web and that at the level of spread affects Latin American countries such as Argentina, Brazil, Colombia and Mexico.

The attack originates with a email with an attachment that pretends to contain an image. However, when the file is opened, the user downloads a threat that evades the system’s protections and then executes another process, which will connect it to a URL to download a second threat. This file is a ransomware known as FileCoder which, once run, retrieves system information and then creates a key and encrypt user documents.

In order to obtain the key to decrypt the data, a period of one month is given and the cost of the ransom increases as time passes. In order to earn money, cybercriminals show the ransom request to the user, leaving instructions on how the victim should do to recover their files. When the malware finishes encrypting the data, it opens a browser and shows the victim a site hosted on the Deep Web, with the steps to follow to pay a sum in BitCoins, if they want to recover their information. At the time of analyzing this malicious code, the cost that the victim had to pay to recover their files is US $ 1000, which has a BitCoins equivalent of 1.92.

If the user really wants to recover his files, because he does not have a backup Either it is critical or confidential information, you must acquire the BitCoins and make the transfer to the cybercriminals. In order to pay the ransom, the victim must have access to the TOR network since the domain in which the panel is hosted to make the payment corresponds to a .onion domain.

“These types of situations highlight the importance of carrying out backups on a regular basis In order to recover the information, do not download or execute files that come from emails without first analyzing them with a security solution”Said Pablo Ramos, ESET Latin America Malware Laboratory Coordinator.

According to information from ESET’s Early Warning systems, since the appearance of this attack on March 20, spread to more than 50 countries and affected more than 15,000 users. Among the countries where this threat has been seen are several in Latin America includingthe information, do not download or execute files that come from emails without first analyzing them with a security solution”Said Pablo Ramos, ESET Latin America Malware Laboratory Coordinator.

[+] Videos de nuestro canal de YouTube