New ransomware dubbed ‘JNEC.a’ propagates by exploiting the WinRAR ACE vulnerability. Researchers noted that this the first ransomware that spreads through the 19-year-old WinRAR ACE exploit.
More details on the ransomware
Worth noting - Once the ransomware encrypts files in a computer, it generates a Gmail address that victims need to create through which they will receive the decryption key.
The big picture
“Warning!!!Possibly the first #ransomware (vk_4221345.rar) spread by #WinRAR exploit (#CVE-2018-20250). The attacker lures victims to decompress the archive through embedding a corrupt and incomplete female picture. It renames files with .Jnec extension,” 360 Threat Intelligence Center tweeted.
Security researcher Michael Gillespie analyzed the ransomware and confirmed that even the malware author of the ransomware cannot decrypt the files.
“PSA: DO NOT PAY. The criminals fucked up the key usage and even they cannot decrypt people's files,” Gillespie tweeted.
The bottom line - Researchers recommend users to upgrade to the latest version of WinRAR in order to avoid such attacks.