A new variant of a piece of ransomware seen in the wild late last year has begun targeting users who made the mistake of landing on the site that serves it via drive-by download.
Detected by Kaspersky experts, the variant presents the following differences:
- The ransom .txt message presented to the victim contains a different e-mail address, to which the victim is instructed to send the given serial key in order to get back the code that will decrypt the files. It also shows that the attackers have upped the price (from $120 to $125) and changed the payment method from wire transfer to Ukash or PSC pre-paid cards.
- Other technical differences include a different compression method of the sample and a custom file protector.
According to Kaspersky, the change of the payment method to Ukash has also been detected in another ransomware campaign.
Once again, the experts advise users who are faced with the ransom message to unplug or shut down the computer as soon as they can – ideally immediately after the message pops up on the desktop.
The faster they manage to do that, the bigger the likelihood that some of the targeted files will remain unencrypted. “The encrypted files cannot be recovered because of the strong cryptography employed,” they say.
Once the computer is shut down, the only way to get to what’s left of the files is to take out the hard disk and install it on another machine as a slave drive, so that the encryption process cannot resume.
In the end, the best solution for this kind of problem is to back up your files regularly, so that you can restore them whenever you need to.