Ransomware has been known as nasty pieces of software that take your computer files hostage and then demand money in exchange for setting the files free. There have been many variants on the Internet, like one which not only encrypts files, but also alters the boot process. A new version of the infamous malware has been discovered, which seems to have a more personal attack on victims.
Called 'Maktub Locker,' the ransomware starts hooking its victims through an innocent-looking email, which may come from a legitimate-looking email address. The email usually contains a demand for money from an overdue invoice. What sets this ransomware apart is that it seems to have an idea of where the victim lives, including their home address inside the message.
Moreover, the message contains a link that allegedly opens a printable version of the document mentioned. Clicking on the link will download what looks like a Word document. The file will open, but it is unknown to the user that the download is performing another operation in the background, which is encrypting the user's files.
Once the encryption is done, the program will lock the user out of their computer and display a message stating that their personal files have been encrypted. A timer is also displayed, indicating how much time a victim has left in order to pay the ransom. The payment starts at 1.4 Bitcoins (~$588), and rises as time passes.
Another remarkable trait of the program is that it does not need an internet connection to encrypt files. Furthermore, it also scrambles a victim's files, similar to CryptoWall, in order to hide the files and cause confusion for the user even more.
According to a report from BBC, a number of companies became victims of the scam. Since the email sent to victims contained a message from a company who they allegedly owe money to, victims have been making calls to the company included in the email, who in turn stated that they have no idea where the messages came from, or how the email was able to know their home addresses.
However, according to Rahul Kashyap of Bromium Labs in an email to ZDNet, the scam is employing a social engineering technique to connect better with users, and give a better sense of urgency.
"It appears that the scammers are leveraging some sort of database that has home addresses publicly available and using this for the scam," said Kashyap.
Finally, according to the Maktub program itself, there are ways to delete the program from a victim's computer, but only by resorting to payment to the perpetrators can the victims be able to retrieve their files.
Source: ZDNet, Malwarebytes Blog | Image via Bleeping Computer
21 Comments - Add comment