New Member Of Teslacrypt Ransomware Family Surfaces
NEW MEMBER OF TESLACRYPT RANSOMWARE FAMILY SURFACES
Kaspersky Lab has detected curious behavior in a new threat from the TeslaCrypt ransomware encryptor family. Malware from the TeslaCrypt family is distributed using exploit kits such as Angler, Sweet Orange, and Nuclear.
This method of malware distribution works as follows: When a victim visits an infected website, an exploit’s malicious code uses vulnerabilities in the browser, typically in plugins, to install target malware on the target system.
In version 2.0 of the Trojan notorious for infecting computer gamers, an HTML page is displayed in the web browser, directly mimicking CryptoWall 3.0.
When TeslaCrypt infects a new victim, it generates a unique Bitcoin address to receive the victim’s ransom payment and a secret key to withdraw it. Moreover, the secret key with which user files get encrypted is not saved on the hard drive, which makes the process of decrypting the user files significantly more complicated.
EXTORTION THREAT TO VIRTUAL SERVERS FROM RUSSIAN GUARDIANS
Law enforcement partners informed CERT-UK of a number of incidents in which companies have had their virtual servers wiped and the contents held ransom by actors calling themselves the Russian Guardians.
It appears that the actors use a vulnerability in OpenSSL to gain access to virtual servers. VMware released an advisory confirming that some of its products, in particular ESXi, are vulnerable to this type of attack.
Once they gain access to the server, the actors seemingly remove all data present and leave behind a single file with a message demanding that payment be made in exchange for the safe return of the server contents. There is some discussion in online forums that, in many cases, the length of time the actors have access to a server would be insufficient to remove all the data.
|220.127.116.11 – NEW||18.104.22.168|
|22.214.171.124 – NEW||126.96.36.199|
|188.8.131.52 – NEW||184.108.40.206 – NEW|
|220.127.116.11 – NEW||18.104.22.168 – NEW|
|22.214.171.124 – NEW||126.96.36.199 – NEW|
|188.8.131.52 – NEW||184.108.40.206 – NEW|
|220.127.116.11 – NEW||18.104.22.168 – NEW|
|22.214.171.124 – NEW||7126.96.36.199 – NEW|
|188.8.131.52 – NEW||184.108.40.206 – NEW|
SCHEDULE A DEMO
Want to learn about Alert Logic products in more detail? Call us direct at +1.877.484.8383, for the UK call +44 (0) 203 011 5533, or complete this form. An Alert Logic representative will contact you soon.