New Ransomware RANSOM_CRYPTEAR.B Destroys Your Files

RANSOM_CRYPTEAR.B

A new ransomware has been detected which encrypts users files with no hope of retrieval. Discovered by researchers at Trend Micro, RANSOM_CRYPTEAR.B is a strain of ransomware that encrypts files and destroys the decryption key, essentially locking up your files indefinitely. The malware was first detected on compromised website in Paraguay that would redirect users to the ransomware’s landing page.

Security researcher Utku Sen coded an open source ransomware and shared the code for educational purposes. Whoever, the code contained a crypto flaw that would allow Mr.Sen to decrypt the files. The real purpose was to catch would-be cyber attackers using his code. This did not deter the cyber-attacker, who in a stroke of irony destroyed the decryption key altogether. Even if an affected user were to pay the ransom, they would receive no key because there is none.

RANSOM_CRYPTEAR.B ransom message written in Portuguese. Source: blog.trendmicro.com

RANSOM_CRYPTEAR.B ransom message written in Portuguese. Source: blog.trendmicro.com

The vector used to spread the malware was a hacked website in Paraguay. According to Analyst at Trend Micro, the first site was compromised between September 15 to December 18. The site redirects the users to the malware’s landing page where they are prompted to download a Flash Player update. The file will automatically install itself and encrypt the system.

RANSOM_CRYPTEAR.B progression topology

RANSOM_CRYPTEAR.B progression topology. Source: http://blog.trendmicro.com

As of now security researchers are working together to find a way around the malware encryptions. Mr Sen posted on Twitter that the decryption key is not needed and asking Trend Micro to send him the malware. Mr. Sen has garnered a lot of criticism for releasing the code for ransomware for anyone to use. While his intention “might” have been noble, there is a chance that knowledge will be used the wrong way. Furthermore, once the method of removing the ransomware is released, a savvy individual might be able to reverse engineer it and develop an efficient one.

As stated before this year has shown increased activity in the malware. RANSOM_CRYPTEAR.B is just another ransomware to add to the surge of malware usage. This trend will likely continue since cyber criminal is not the only ones creating malware, apparently good Samaritans can make them as well. However, the real culprits behind the spike in cyber attacks this year are flash vulnerabilities.

2 thoughts on “New Ransomware RANSOM_CRYPTEAR.B Destroys Your Files

Leave a Reply

Your email address will not be published. Required fields are marked *