Feature or Flaw: The Strange Case of the AnteFrigus Ransomware


Researchers have spotted a new ransomware strain dubbed AnteFrigus that displays unusual traits.
It targets only the drives that are associated with removable devices and mapped network drives.

A new Hookads malvertising campaign has been discovered to be distributing the AnteFrigus ransomware.


What is unusual?


Most ransomware strains target the C: drive on infected Windows devices, but not AnteFrigus. Instead, it goes after the drives associated with removable devices and mapped network drives.


This is unusual, as users typically save their documents on the local C: drive.
AnteFrigus targets only the D:, E:, F:, G:, H:, and I: drives and does not encrypt any files on the C: drive.
However, security experts speculate that this may be a bug and not the intended behavior.
They also suggest that this ransomware may still be in the development or testing phase.

“This malware does not look super sophisticated and contained a plethora of debugging symbols, source references, and test/debug location,” security researcher Vitali Kremez told Bleeping Computer.


What we know


This ransomware is distributed by malvertising campaigns that redirect potential victims to the RIG exploit kit.


This exploit kit probes the visiting browser for Internet Explorer vulnerabilities and, if it finds one, exploits it to install the malicious payload.
The ransomware was found to append a random extension to the encrypted files.
The ransom note displays a link to a Tor payment site that shows the ransom amount and the bitcoin address to send it to.
The file C:\qweasd\test.txt is also created, which may be used as a debug or lock file.

What we don’t know


Because this is a new ransomware, its weaknesses are not yet known. Researchers will have to uncove ..
