Malware News New KeyPass Ransomware Campaign Underway

LASER_oneXM

A new distribution campaign is underway for a STOP Ransomware variant called KeyPass based on the number of victims that have been seen. Unfortunately, how the ransomware is being distributed is unknown at this time.

Not much is known regarding how this ransomware is being distributed other than what people have posted in the BleepingComputer forums. According to some of the posts, the ransomware appeared after the user downloaded and installed cracks such as KMSpico. Other reports state that it appeared on its own and that the victim did not install anything.

Based on submissions to ID Ransomware there has been increased activity for this variant since the 8th with submissions from over 20 countries.
 
Source: Variant of KeyPass Trojan Takes Manual Control
Multiple researchers have identified a dangerous new variant of KeyPass ransomware, featuring a manual-control functionality, and according to Kaspersky Lab, the modified version mainly targets developing countries.

“For now, the most targeted regions are mainly developing countries – the modification primarily targets Brazil (19.51%) and Vietnam (14.63%). As the malware continues to spread worldwide via fake installers that download the ransomware module, experts have noticed a distinguishing feature: it can be used for manual attacks,” a Kaspersky Lab spokesperson wrote.

When the Trojan starts on the victim’s computer, it copies its executable to %LocalAppData%. After the executable launches, the malware then deletes itself from the original location but propagates multiple copies of its own process, “passing the encryption key and victim ID as command line arguments,” researchers wrote in a blog post.
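A detection heuristic for the process behaviour described in the last paragraph, added here as an example and not taken from the post or the researchers' write-up. It assumes simplified process-creation records (fields loosely modelled on Sysmon Event ID 1), that the staged copy is started by the original executable, and a threshold of two self-spawned children; every path, PID, hash and argument below is a constructed placeholder.

```python
import shlex
from collections import defaultdict

# Constructed process-creation records; nothing here comes from a real sample.
FIELDS = ("pid", "ppid", "image", "hash", "cmdline")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    (10, 1, r"C:\Users\u\Downloads\setup.exe", "HASH_A", "setup.exe"),
    (11, 10, r"C:\Users\u\AppData\Local\setup.exe", "HASH_A", "setup.exe"),
    (12, 11, r"C:\Users\u\AppData\Local\setup.exe", "HASH_A", "setup.exe <KEY> <ID>"),
    (13, 11, r"C:\Users\u\AppData\Local\setup.exe", "HASH_A", "setup.exe <KEY> <ID>"),
    # Benign contrast: an app installed under LocalAppData with one helper process.
    (20, 1, r"C:\Users\u\AppData\Local\App\app.exe", "HASH_B", "app.exe"),
    (21, 20, r"C:\Users\u\AppData\Local\App\app.exe", "HASH_B", "app.exe --helper"),
]]

def in_local_appdata(path):
    # %LocalAppData% normally resolves to <profile>\AppData\Local
    return "\\appdata\\local\\" in path.lower()

def find_staged_self_spawners(events, min_children=2):
    """Flag processes under LocalAppData that start several copies of their
    own image with command-line arguments. PID reuse is not handled."""
    by_pid = {e["pid"]: e for e in events}
    fanout = defaultdict(list)
    for e in events:
        parent = by_pid.get(e["ppid"])
        # Child runs the same image as its parent, from LocalAppData, with arguments.
        if (parent and in_local_appdata(e["image"])
                and parent["image"].lower() == e["image"].lower()
                and len(shlex.split(e["cmdline"], posix=False)) > 1):
            fanout[parent["pid"]].append(e["pid"])
    findings = []
    for pid, kids in fanout.items():
        if len(kids) < min_children:
            continue
        proc = by_pid[pid]
        origin = by_pid.get(proc["ppid"])
        # Extra signal: same file hash was first run from outside LocalAppData.
        staged = bool(origin and origin["hash"] == proc["hash"]
                      and not in_local_appdata(origin["image"]))
        findings.append({"pid": pid, "image": proc["image"],
                         "children": kids, "staged_copy": staged})
    return findings

if __name__ == "__main__":
    for finding in find_staged_self_spawners(EVENTS):
        print(finding)
```

Legitimate software installed under %LocalAppData% also starts helper copies of itself, so a hit is a triage signal to correlate with file-deletion and mass file-modification events, not a verdict.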