New crypto-ransomware "quarantines" files, downloads info-stealer

Petrovic · Apr 7, 2015

researchers have found and analyzed a new piece of crypto-ransomware: CryptVault encrypts files, makes them look like files quarantined by an AV solution, asks for ransom and, finally, downloads info-stealer malware.

It arrives on target computers after the user has been tricked into downloading and running a malicious attachment - a Javascript file - that downloads four files: the ransomware itself, SDelete (a MS Sysinternals tool that will be used to delete files), GnuPG (legitimate open source encryption tool), and a GnuPG library file.

Full Article

starchild76 · Apr 7, 2015

these bastards are getting more inventive by the day! thanks for sharing! @Petrovic

Secondmineboy · Apr 7, 2015

At some point malware will be able to bypass every AV thats on the market right now

AVs might be dead at some point

StriderHunterX · Apr 7, 2015

This is getting scary by the day.I wanted to create a topic about TeslaCrypt(I have not seen a topic about it here) and my experience with it...

It was not good at all.ECC files everywhere....with no hope of unlocking them.

Backups and Images are becoming more crucial than ever.

tallorder · Apr 7, 2015

So are 'how to's' about exactly how to use the back up tools out there. As a novice, I was thwarted at option 1, and have yet to do any.

soccer97 · Apr 12, 2015

Have we thought about using Group Policy (gpedit.msc) to prevent installations in certain directories? This of course can have it's drawbacks as it may sometimes prevent legitimate software being installed.

Search

New crypto-ransomware "quarantines" files, downloads info-stealer

Petrovic

Level 64

starchild76

Secondmineboy

Level 26

StriderHunterX

Level 5

tallorder

Level 6

soccer97

Level 11

Similar threads