Kovter Click-Fraud Malware Evolves Back into Ransomware

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Content source
http://news.softpedia.com/news/kovter-click-fraud-malware-evolves-back-into-ransomware-503110.shtml
Security researchers from Check Point are reporting on a change in the Kovter malware's mode of operation, which has slowly morphed into a weak crypto-ransomware variant.

Kovter started out in 2013 as a simplistic ransomware version that was locking people's computers and showing a message asking them to pay a fine or face legal action. In most cases, this message was posted using insignia and graphics specific to local law enforcement, depending on the user's country of origin.

Kovter evolved from ransomware to click-fraud malware and back again
As these types of ransomware campaigns started to become ineffective, by 2014, Kovter evolved and specialized in click-fraud activities, loading and clicking on ads behind the user's back.

This lasted for two years, during which time, the malware became famous for its fast pace at which it evolved, always adding new features.
The peak of this neverending update cycle was reached last autumn, when Kovter became a fileless threat, living in the infected PC's memory and Windows registry.

As ransomware has started to become a big business in the last few months, Kovter's authors are now jumping on the bandwagon and have decided to evolve Kovter's codebase once again, bringing it back to where it all started.

Kovter ransomware encryption can be defeated
This new version of the Kovter ransomware does not look like the original version at all because, instead of locking users' PCs, Kovter now encrypts their files.

Luckily, Check Point says that Kovter can't yet rival Locky or TeslaScrypt just yet, and that its encryption can be defeated. As researchers have explained, Kovter does not encrypt all the files, but only the first few bytes of each file, and then stores the encryption key on disk. This decryption key can be discovered and used to unlock all encrypted files.

Unfortunately, Check Point hasn't released a decrypter for this ransomware, meaning there's no simple point-and-click solution to recover the files, and infected users might need the help of a professional to get their data back.

What's strange about Kovter is that its authors seem to have been preoccupied more with avoiding antivirus detection, rather than using a strong encryption algorithm. If a Kovter ransomware decrypter becomes available, we'll keep you posted and update this article.
Click to expand...
 
  • Like
Reactions: Jack, Jrs30, Der.Reisende and 2 others
E

Entreri

Level 7
Verified
May 25, 2015
342
Lots of money to be made from ransomware, billions.

With the weakening of security, due to effort by FBI et al, it will be a wonderful time to be a cyber criminal, especially to attack the US.
 
  • Like
Reactions: Der.Reisende
You must log in or register to reply here.

Similar threads

Shadowra
    • +Reputation
    • Like
Malware News StopCrypt: Most widely distributed ransomware evolves to evade detection
Replies
3
Views
996
Security News
Victor M
Victor M
Gandalf_The_Grey
    • +Reputation
    • Like
Free Key Group ransomware decryptor helps victims recover data
Replies
0
Views
980
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
[correlate]
    • Like
    • +Reputation
    • Wow
Dallas says Royal ransomware breached its network using stolen account
Replies
0
Views
1,118
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top