A new variant of the BTCWare ransomware has been discovered recently. This new variant appends the [email]-id-id.shadow extension to encrypted files. The BTCWare ransomware family targets victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
Want Money ransomware
A crypto ransomware dubbed Want Money encrypts user files and extorts money to decrypt them. Once triggered, the malware encrypts user files using AES-256. It limits users' ability to restore files by deleting all the shadow copies or restore points.
A malware author by the name of Luc1F3R is peddling a new ransomware strain called Halloware for the lowly price of $40. The ransomware encrypts files using a hardcoded AES-256 key and prepends the "(Lucifer)" string to encrypted files. As the ransomware uses a hardcoded AES key and does not save any information on a remote server, recovering encrypted files is not possible.
Posted on: December 04, 2017