- Oct 23, 2012
Security researchers from Check Point are reporting on a change in the Kovter malware's mode of operation, which has slowly morphed into a weak crypto-ransomware variant.
Kovter started out in 2013 as a simple police-themed screen locker: it locked the victim's computer and displayed a message demanding payment of a "fine" under threat of legal action. In most cases the message used the insignia and graphics of local law enforcement, chosen according to the victim's country.
Kovter evolved from ransomware to click-fraud malware and back again
As these lock-screen campaigns lost their effectiveness, by 2014 Kovter had shifted to click fraud, loading and clicking on ads in the background without the user's knowledge.
This lasted about two years, during which the malware became known for the pace at which it evolved, constantly adding new features.
The peak of this never-ending update cycle came last autumn, when Kovter became a fileless threat, keeping its payload in the Windows registry and running from the infected PC's memory rather than from a file on disk.
As ransomware has become big business in recent months, Kovter's authors have jumped on the bandwagon and reworked the codebase once again, bringing it back to where it all started.
Kovter ransomware encryption can be defeated
This new version of the Kovter ransomware bears little resemblance to the original: instead of locking the user's PC, it encrypts their files.
Luckily, Check Point says that Kovter cannot yet rival Locky or TeslaCrypt, and that its encryption can be defeated. As the researchers explain, Kovter does not encrypt each file in full, only the first few bytes of it, and it stores the encryption key on disk. That key can be recovered from the infected machine and used to unlock all of the encrypted files.
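The weakness described above, modelled as an added example (this is not Check Point's analysis and not a Kovter decrypter): a toy scheme that encrypts only the start of each file and leaves its key next to the data, and a recovery routine that writes a file back only when the restored header matches the magic bytes expected for its extension. The cipher (a SHA-256 keystream XORed over the header), the 64-byte header length, the file names and the key location are all assumptions made for the demonstration; the article does not describe Kovter's actual cipher or where it keeps the key.

```python
import hashlib
import os

# Assumed header length: the article says only "the first few bytes" of each
# file are encrypted; 64 is a stand-in for this model.
HEADER_LEN = 64

# Magic bytes for a few common formats: the oracle that tells an intact file
# from one whose header was overwritten.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
}


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for whatever cipher
    the malware really uses, chosen only so the model is self-contained."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_header(data: bytes, key: bytes) -> bytes:
    """Encrypt (or, applied again, decrypt) the first HEADER_LEN bytes only.
    Everything past the header is returned untouched."""
    n = min(HEADER_LEN, len(data))
    ks = keystream(key, n)
    return bytes(a ^ b for a, b in zip(data[:n], ks)) + data[n:]


def header_damaged(name: str, data: bytes):
    """True if the header no longer matches the magic for the extension,
    False if it does, None if the extension is unknown (no oracle available)."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return None
    return not data.startswith(magic)


def recover(name: str, data: bytes, key: bytes):
    """Attempt recovery of one file. Returns (restored, bytes).
    A candidate is accepted only when its magic verifies, so a wrong key or an
    extension with no known magic leaves the file exactly as it was found."""
    if header_damaged(name, data) is False:
        return False, data
    candidate = xor_header(data, key)
    if header_damaged(name, candidate) is not False:
        return False, data
    return True, candidate


def build_disk():
    """Constructed sample: three victim files, plus the key dropped alongside
    them (the on-disk key is the weakness the article describes)."""
    key = hashlib.sha256(b"per-victim key, constructed for the model").digest()
    originals = {
        "photo.png": MAGIC[".png"] + bytes(range(200)),
        "report.pdf": MAGIC[".pdf"] + b"1.7\n" + b"%" * 300,
        "notes.txt": b"plain text with no magic bytes to check " * 4,
    }
    disk = {name: xor_header(data, key) for name, data in originals.items()}
    disk["key.bin"] = key  # assumed location of the stored key
    return originals, disk


def recover_all(disk: dict, key: bytes) -> dict:
    """Run recovery over every victim file on the sample disk."""
    return {n: recover(n, d, key) for n, d in disk.items() if n != "key.bin"}


if __name__ == "__main__":
    originals, disk = build_disk()
    for name, (ok, data) in recover_all(disk, disk["key.bin"]).items():
        print(f"{name}: restored={ok}, matches original={data == originals[name]}")
```

Two things the model makes visible that the paragraph only states: the bytes past the header are never modified, so the bulk of every file survives regardless of the key; and recovery is only as good as the oracle used to confirm it. The PNG and PDF come back because their magic can be checked, while the text file, which has no fixed header, is left untouched rather than risk writing back garbage, and a wrong key is rejected for the same reason.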
Unfortunately, Check Point has not released a decrypter for this ransomware, so there is no simple point-and-click solution for recovering the files, and infected users may need the help of a professional to get their data back.
What's strange about Kovter is that its authors seem to have been more preoccupied with avoiding antivirus detection than with using a strong encryption scheme. If a Kovter ransomware decrypter becomes available, we'll update this article.