isssource.com
Ransomware Teams with Spyware

Wednesday, March 25, 2015 @ 09:03 AM gHale

The latest version of CryptoWall comes with a piece of spyware that ensures attackers still get an opportunity to make money if the victim doesn’t fall for the ransom demand.

The spyware is Fareit, known for its ability to find and take credentials from programs ranging from email clients and web browsers to FTP clients and digital currency wallets.


Users in Australia and New Zealand are hit the most by the new attack, said researchers at Trend Micro.

North America comes in third, with the CryptoWall-Fareit combo discovered in 24.18 percent of the cases, and Europe accounts for 14.27 percent of infections. Other regions impacted are the Middle East/Africa, Asia and South America.

The dropper for the two pieces of malware comes as an archived JavaScript (JS) attached to an email claiming to deliver a resume, said Trend Micro researchers.

They use a JavaScript file because some scanners do not check this type of data.

The analysis of this file revealed it connects to two command and control (C&C) servers to download two apparent image files in JPG format. However, this is only a ploy to bypass intrusion detection systems (IDS).

Further analysis into the JavaScript showed the two files are actually executables for CryptoWall and Fareit, which run immediately after download.
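For defenders, the two behaviors described above (a script inside an archived email attachment, and downloads named as JPG images that are really executables) can each be checked by content rather than by name. The following Python sketch is an added example, not code from Trend Micro or the original article; it assumes the archive is a ZIP, and all file names and sample bytes are constructed.

```python
import io
import struct
import zipfile

JPEG_MAGIC = b"\xff\xd8\xff"      # start-of-image marker of a real JPEG
IMAGE_EXTS = (".jpg", ".jpeg")
SCRIPT_EXTS = (".js",)            # the dropper type named in the article

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_download(name: str, data: bytes) -> str:
    """Compare a file's claimed image extension with what its bytes are."""
    if not name.lower().endswith(IMAGE_EXTS):
        return "not-image-name"
    if is_pe(data):
        return "executable-disguised-as-image"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "unknown-content"

def scripts_in_archive(blob: bytes) -> list:
    """List script members of a ZIP attachment (ZIP format is an assumption)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]

def _fake_pe() -> bytes:
    """Constructed sample: minimal MZ/PE header bytes, not a working program."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)

def _fake_zip() -> bytes:
    """Constructed sample: ZIP holding an inert .js placeholder and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("resume.js", "// constructed placeholder")
        zf.writestr("readme.txt", "constructed")
    return buf.getvalue()

if __name__ == "__main__":
    print(check_download("one.jpg", _fake_pe()))
    print(check_download("two.jpg", JPEG_MAGIC + b"\x00" * 16))
    print(scripts_in_archive(_fake_zip()))
```
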

While CryptoWall encrypts the targeted file types (documents, databases, emails, images, audio, video, and source code) in the background, Fareit runs its sensitive info snatching routine and sends the data to the C&C, said Anthony Joe Melgarejo, threat response engineer at Trend Micro.

The ransomware locks the items with a strong RSA-2048 key and changes their extension to a random one. In the affected folders, it also drops instructions on how to make the ransom payment of about $500, which is paid in bitcoin via a payment website on the Tor anonymity network.


