Security News Kelihos Botnet Delivering Shade (Troldesh) Ransomware with No_More_Ransom Extension

Jack

Over the last two weeks, the Kelihos spam botnet has been busy spreading the latest version of the Shade ransomware (also known as Troldesh), which now appends the ".no_more_ransom" extension at the end of each encrypted file.

Their gesture is a sign of irony, as the NoMoreRansom project has released a free decrypter over the summer that can help victims unlock files encrypted by this threat.

Shade ransomware uses JS files for the first time
This most recent campaign used the Kelihos botnet to send the spam messages that spread this threat. For this particular campaign, according to Arsh Arora, a malware analyst and Ph.D. researcher at the University of Alabama at Birmingham, crooks used emails that contained a malicious download link.

The link downloaded a zipped JavaScript (JS) file or a Word document. If executed, the JS file would download and install a version of the Shade ransomware, while the Word document would use macros to do the same thing.

Researchers noted that this was the first time they've seen Shade use JS files to infect victims. Most of this spam was disguised as credit and banking-related emails.



Read more: Kelihos Botnet Delivering Shade (Troldesh) Ransomware with No_More_Ransom Extension
 
