Share Blog post
Recently, a new variant of the BTCWare ransomware has been discovered recently. This new variant attaches the [email]-id-id.shadow extension to encrypted files. The BTCWare ransomware family targets victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
Want Money ransomware
A crypto ransomware dubbed Want Money encrypts user files and extorts money to decrypt them. Once triggered, the malware encrypts the user files using AES-256 encryption. It restricts the chance for the users to restore files by deleting all the shadow copies or restore points.
A malware author by the name of Luc1F3R is peddling a new ransomware strain called Halloware for the lowly price of $40. The ransomware encrypts files using a hardcoded AES-256 key and prepends the "(Lucifer)" string to encrypted files. As the ransomware uses a hardcoded AES key and does not save any information on a remote server, recovering encrypted files is not possible.
Posted on: December 04, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.