Tuesday, July 25, 2017

This ransomware lets crooks spot their victim on a map

[Image: A Philadelphia ransomware ransom note targeting a hospital - but users can see it on their own computers if they're not careful. Image: Proofpoint]

If ransomware wasn't sinister enough, a simple-to-use and easy-to-buy form of the file-encrypting malware now provides its users with the ability to track victims on Google Maps.

First appearing on the cybercriminal market in September last year, Philadelphia ransomware is available for $400, and the developers offer a 'ransomware-as-a-service' package which provides support and updates as and when they're added to the malicious software.

The RaaS kit is even promoted to potential customers with adverts complete with slick marketing videos and promotional screenshots boasting of a 'Full Lifetime License' from its creators, complete with regular support.

That support includes software for managing attacks, including the ability to list all of the infected machines, showing not just which country each victim is in, but their location and IP address.

The feature is designed to give users an insight into where they've made successful attacks - including the set ransom amount for that target and their operating system.

[Image: The tracking feature of Philadelphia ransomware shows the location of victims. Image: Sophos]

"It's the operational part of running your 'hacking business' in order to manage the machines under control - a critical element of a non-technical person's ability to leverage this tool and monetise it," Dan Schiappa, senior vice president of the Sophos Enduser and Network Security Group, told ZDNet.


While it's certainly a creepy new addition to the scammers' arsenal, there's perhaps some level of reassurance in that the vast majority of Philadelphia users aren't anywhere near this level of sophistication. The ransomware comes with a 'Mercy' feature which is designed to give cybercriminals an option if they grow a conscience and feel sympathy for the victim.

"There are rare cases of the bleeding-heart hacker who finds out they've encrypted photos of someone's dead relative and they give mercy," said Schiappa.

But more often it is used by technically incompetent crooks to decrypt their own systems when they infect them by accident.

"One of the primary reasons we've seen is that people - particularly non-sophisticated customers - will infect themselves," said Schiappa. "They infect themselves, infect their friends or they're using machines they want to clean and infect again just as they're testing things, that's what that's about".

Like the developers' other product, Stampado -- a much cheaper, but far less flexible ransomware -- Philadelphia is sold on the dark web, but access to ransomware is advertised on the open web with introduction videos and a how-to guide.

"It's idiot-proof. It's taken something that could be very sophisticated and technical and put it in the hands of those with malicious intent. That massively increases the scope of the use of the attacks," said Schiappa.

Fortunately, there is some good news in that some strains of Philadelphia have been cracked and free decryption tools are available.

from Latest Topic for ZDNet in... http://ift.tt/2uTJcSV
