Security News CommonRansom Ransomware Demands RDP Access to Decrypt Files

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/commonransom-ransomware-demands-rdp-access-to-decrypt-files/

A new ransomware called CommonRansom was discovered that has a very bizarre request. In order to decrypt a computer after a payment is made, they require the victim to open up Remote Desktop Services on the affected computer and send them admin credentials in order to decrypt the victim's files.

CommonRansom was discovered by Michael Gillespie after a victim uploaded a ransom note and an encrypted file to his ID Ransomware service.

When encrypting a victim's computer, it will append the .[old@nuke.africa].CommonRansom extension to encrypted files. It will also create a ransom note named DECRYPTING.txt, which is displayed below.

This is a request that no one should ever comply with as once the attackers are connected, you lose access to your screen and have no idea what they are doing. They may decrypt your files, but at the same time they may also install further malware onto your computer, delete files, or steal data.

 

[ChemicalB]

Very sneaky ransomware, and of course, criminals are not reliable by definition.

 

[Eddie Morra]

Do not encourage them by paying the ransom.

If they got you once, don't let them get you twice.

 

[LASER_oneXM]

source (emsisoft.com): The smartest way to stay unaffected by ransomware? Backup!
source (bleepingcomputer.com): Best Defensive Strategy against ransomware (crypto malware)

 

[YURY]

The most reliable way to minimize the effects of encryption is to make backups.