Alkajak
Thread author
AVG security researcher Jakub Kroustek has discovered a new ransomware named Enigma that targets only Russian-speaking users and that, under certain conditions, can allow users to recover some of their files using Shadow Volume Copies.
Analyzed by researchers from MalwareHunterTeam and Bleeping Computer, the ransomware encrypts files with the now de-facto AES-RSA dual encryption model, and then stores the encryption key on the computer's Desktop in the form of a file named ENIGMA_[NUMBER].RSA.
If users want the decryption key, they'll have to pay crooks 0.4291 Bitcoin, which is about $200. As with other ransomware families, payment must be made by accessing a browser on the Tor network, via the Tor Browser. On the payment site they'll be asked to upload the file mentioned above.
Enigma ransomware uses HTML files to deliver its payload.
[...]
Full Article: We're Currently Safe: New Enigma Ransomware Targets Only Russian Users