New CommonRansom ransomware demands RDP access to infected systems as ransom
- The new ransomware demands not just payment but also RDP access to decrypt files.
- The ransomware also demands the infected systems’ IP address and admin credentials.
A new ransomware dubbed CommonRansom was recently discovered. Unlike other ransomware variants, CommonRansom not only demands a Bitcoin payment but also demands that victims provide remote desktop protocol (RDP) access.
CommonRansom, which was discovered by security researcher Michael Gillespie, Bleeping Computer reported. Along with 0.1 bitcoins, the ransomware also demands the infected systems’ IP address and admin credentials.
The cybercriminals behind the ransomware prompt victims to send across the system details and the bitcoin ransom to an email address - email@example.com. Providing the attackers with RDP access and admin credentials could result in victims losing complete control over their systems. With RDP access, the attackers can not only steal or delete data but also install additional malware.
According to Bleeping Computer, the bitcoin address being used by the attackers has seen some activity in the past. It appears that the attackers recently transferred 65 bitcoins to another bitcoin address, which has previously received transactions from over 11,000 bitcoin addresses.
At present, CommonRansom does not appear to be a major threat. This may either indicate that the ransomware is still in the development and testing stage, or that the attackers operating the ransomware may be going after a select group of targets.