New ransomware family exploiting poor security in remote desktop services

New ransomware family exploiting poor security in remote desktop services

Ransomware attack on Blackbaud impacted ten major universities

Researchers have uncovered a new ransomware family that is exploiting poor security credentials in remote desktop services and encrypting files.

Encryption keys used by the new ransomware family cannot be decrypted since they use new key generation, claims security researcher.

‘A new variant of what appears to be BTCWare ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files.

‘This family of ransomware targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware,’ said Bleeping Computer.

The site claims that the developer behind the new ransomware family is posting on its forums. The developer, named ‘payday_lock’, is asking affected users to make payments in BitCoins to get their files decrypted.

‘All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail,’ the developer wrote.

‘You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

‘Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam,’ he warned.

The developer is also offering affected users ways to purchase Bitcoins online and has warned them not to try decrypting their files using third party software as the same may cause permanent data loss.

According to security researcher Michael Gillespie, files decrypted by the BTCWare ransomware cannot be decrypted as they use new key generation. These keys establish secure shell sessions between remote computers over insecure networks and generate keys using one of three different digital signature algorithms.

Fraser Kyne, EMEA CTO at Bromium, believes that lack of security hygiene in ‘next-gen’ technologies is the root cause of such potent ransomware attacks. Trying to detect ransomware after an infection has already taken place is a futile exercise, he says.

‘The inherent failing in security today is that ‘detect to protect’ is fundamentally flawed. Detecting ransomware once it has already hit the endpoint is pointless, the damage is done.

‘This is why businesses need to focus on protection – let the ransomware come through, but isolate and contain it in a virtual environment, so that the hacker has nowhere to go and no data to exfiltrate. Only by accepting ransomware as a part of life, and limiting the damage and profits that can made by it, will we start to see any turning of the tide,’ he adds.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]