New Ransomware Customizes Ransom Note with Victims’ Pictures and Data

November 14, 2016 3:27 pm David Bisson

Malware developers have designed a new sample of ransomware that customizes its ransom note with various details about its victims.

Bijay Limbu Senihang of the IT security firm Rigo Technology recalls his first impressions when he came upon the malware:

“At first, we thought this is just another variant of ransomware but after doing some analysis, we found that this malware does not encrypt any files but still asks for ransom.”

That’s right. No encryption whatsoever.

Instead, the ransom note accuses the victim of having engaged in “suspicious activity” and acquired “materials that violates the intellectual property right.”

Like other scareware, the message issues a fake-sounding threat: unless the victim pays a fee of 45 USD in 24 hours, an alleged case against the victim will proceed to trial.

The attackers also promise they will publish the victim’s name, birthday, location, IP address, system details, Skype account details, Facebook account details, LinkedIn account details, and a whole slew of other information if the victim fails to pay up.

To back up that claim, the note displays all of the victim’s information as well as images of them taken from Facebook, LinkedIn, and their computer’s webcam.

Senihang sums it all up for us:

“In short, when this malware is infected in the PC, it will collect all the data of the victim, even capture the picture from the webcam and creates a ransom note which I described above and threatens the victim to pay ransom or they will leak their private data in public.”

At this time, the Nuclear exploit kit is responsible for distributing the malware to users who visit a compromised WordPress website. Attackers can disguise the URL for that website as a link that appears to be legitimate.

The ransom message comes with a link to a payment website where victims can enter their payment card details to pay the fee.

Given the malware’s tactics, it’s important that users learn to hover over URLs when they receive suspicious emails and that they keep their systems up to date. Fortunately, organizations can help users strengthen their email and digital security by training their employees using a third-party security awareness software solution.

Does that sound of interest to your organization?

If so, contact Metacompliance and learn how its simulated phishing attacks and staff awareness solutions can protect your company’s workforce against this new phase in the ransomware scourge.