A new Ransomware-as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week.
First spotted two days ago, this ransomware operation is quite unique as it features a very minimal and direct style, with little-to-no instructions and simply designed ransom notes and ransom payment portal.
Based on two messages left on the Dot-Ransomware homepage, this entire operation launched on Tuesday, February 19, when the website was set up.
.........
.........
Dot-Ransomware, Unlock26 appear to be under development
But user instructions are not the only things missing from Dot-Ransomware and Unlock26.
For example, if users wanted to pay, they wouldn't even know the amount of Bitcoin they'd need to send, since the Unlock26 payment site doesn't list the decryption price, but shows a math function instead: 6.e-002 BTC. This is weird, to say the least, unless you really want people not to pay the ransom.
Putting this detail together with the error seen in one section of the builder (screenshot above), and with the fact that no users have reported Unlock26 infections as of now, we can safely say this ransomware and its RaaS are still under development, and not yet ready to be deployed. Let's hope its author gets bored in a few days and drops the service entirely, but we doubt it will happen after working so hard to reach this advanced stage of development.
Special thanks to MalwareHunter, who discovered the Unlock26 ransomware, David Montenegro, who discovered the Dot-Ransomware RaaS, Bleeping Computer's Lawrence Abrams and GrujaRS, who helped with the analysis and info gathering.
more in the link above
luckily AV detection is high
ransomware
https://www.virustotal.com/en/file/...6c128e340f875542c7c94cf2c65791bed68/analysis/
builder
Antivirus scan for dd03307aa51cfb1c5a3c3fafc65729ad5b50a764354ef3919b7f9d0b4c6142a5 at 2017-02-24 08:40:34 UTC - VirusTotal