DeathRansom – A New Strain of Ransomware Causes an Outrage
A malicious strain of ransomware called DeathRansom is damaging files on network drives by encrypting them. When it first cropped up in November 2019, it was not a threat to be taken seriously: the ransomware merely created a false impression of danger by appending a different file extension to the supposedly encrypted files. Victims could easily recover their files by removing the false extension.
However, this amateur threat has burgeoned into something that has the potential to cause much more severe damage.
Fortinet Security has dug into the ransomware and found that it is evolving. DeathRansom has moved past ‘make-believe’ encryption to a combination of strong encryption techniques that render the files totally useless to the victim. The ransomware starts by iterating through the file system to learn the type and number of files present, then, in one or more passes, scrambles the files one by one. The intent to blackmail is apparent from the fact that the ransomware avoids encrypting crucial system locations such as Windows internal folders and Program Files: its only interest is in making sure the victim cannot access his or her data, so that the cybercriminal can extort money later.
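A defender-side triage check for the distinction above (files that were merely given a new extension versus files that were actually encrypted), added here as an example; it is not code from the article or from Fortinet. It assumes a placeholder extension, since the article does not name the one DeathRansom appends, and uses seeded random bytes as a stand-in for ciphertext.

```python
import math
import random

# Header bytes of common document formats. A file that still starts with one
# of these was only renamed (the early DeathRansom behaviour), not encrypted.
MAGIC = [b"\x89PNG\r\n\x1a\n", b"%PDF-", b"PK\x03\x04", b"\xff\xd8\xff", b"\xd0\xcf\x11\xe0"]

# Placeholder: the article does not name the appended extension.
SUSPECT_EXT = ".EXAMPLE_EXT"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext, ~4-5 for ordinary text."""
    if not data:
        return 0.0
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(data: bytes, sample: int = 4096) -> str:
    """'renamed-only', 'encrypted' or 'unknown', judged from the first bytes."""
    head = data[:sample]
    if any(head.startswith(m) for m in MAGIC):
        return "renamed-only"
    h = shannon_entropy(head)
    if h >= 7.5:
        return "encrypted"      # no structure, near-maximal entropy
    if h < 6.0:
        return "renamed-only"   # readable, low-entropy content survived
    return "unknown"            # e.g. compressed data without a known header

def triage(files: dict, suspect_ext: str = SUSPECT_EXT) -> dict:
    """Map each affected file name to (verdict, name to restore if renamed-only)."""
    report = {}
    for name, data in files.items():
        if name.endswith(suspect_ext):
            report[name] = (classify(data), name[: -len(suspect_ext)])
    return report

# Constructed samples: a renamed PDF, renamed plain text, and ciphertext (seeded random bytes).
SAMPLES = {
    "report.pdf" + SUSPECT_EXT: b"%PDF-1.7\n" + b"x" * 100,
    "notes.txt" + SUSPECT_EXT: b"meeting notes " * 200,
    "ledger.xlsx" + SUSPECT_EXT: random.Random(1).randbytes(4096),
}

if __name__ == "__main__":
    for name, (verdict, original) in triage(SAMPLES).items():
        print(f"{name}: {verdict} (restore as {original!r} if renamed-only)")
```

Only files judged "renamed-only" are candidates for restoring by stripping the extension; anything judged "encrypted" needs backups.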
“The new version capable of encryption includes a combination of Curve25519 algorithm for the Elliptic Curve Diffie-Hellman (ECDH) key exchange scheme, Salsa20, RSA-2048, AES-256 ECB, and a simple block XOR algorithm to encrypt files,” says Fortinet.
What is a little worrisome about this ransomware is its ability to understand the ‘environment’ of the machine. It does so by checking the computer’s language settings to determine whether it is in an Eastern European country; if so, the malicious code does not proceed with the encryption.
Once the encryption process is complete, DeathRansom leaves a ransom note which includes a lock-ID unique to every user. This is how the victim is blackmailed; if he/she does not pay money, the files won’t be decrypted.
Research is still going on to trace the source of DeathRansom, and hopefully, efforts will be taken soon to catch the criminals responsible.
Preventing this from happening to you
Organizations today are faced with growing complexities everywhere from continuously evolving automated targeted cyber threats on the network, applications & programs to keeping abreast with the most current security patch updates.
There are a number of cyber security services & products that Logix deploys & manages, spanning Antivirus, Firewall, ISFW, WebProxy, ISE, NAC, IPS, Web Application Firewall & 2-Factor Authentication solutions. Our core team of experts consults on and designs network and security systems for customers, covering both On-Premise and Cloud Managed Services. We plan & build a robust end-to-end service from project inception to network security installation to completion & handover. If you’re looking for a cybersecurity provider, we’d love to hear from you.