RESTORE_INFO-xxxx , 10 letter extra extension, 0x86, Plugins and new Ransomware


A new variant of ransomware has been reported by some of our clients.

All data files (php, htm, txt, zip) are encrypted and have been renamed by adding a 10-letter file extension that looks random – like this:

snips.txt.wxdrJbgSDa

Web.config.nUZPveYgIp
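
A triage sketch for the rename pattern shown above, added here as an example and not taken from the original post or from any vendor tool: it flags file names where exactly 10 ASCII letters follow an existing extension. The mixed-case confidence rule and the names `classify` and `scan` are assumptions based only on the two sample names.

```python
import os
import re
from collections import Counter

# Assumption drawn from the two sample names above: the original file name,
# including its own extension, is kept and exactly 10 ASCII letters are appended.
RENAMED = re.compile(r"^(?P<original>.+\.[A-Za-z0-9]{1,8})\.(?P<suffix>[A-Za-z]{10})$")


def classify(filename):
    """Return (original_name, suffix, confidence), or None if the name does not match."""
    m = RENAMED.match(filename)
    if not m:
        return None
    suffix = m.group("suffix")
    # Both samples mix upper and lower case; a single-case suffix such as
    # ".properties" is more likely a legitimate extension, so rank it lower.
    mixed = suffix != suffix.lower() and suffix != suffix.upper()
    return m.group("original"), suffix, "high" if mixed else "low"


def scan(root):
    """Walk root and return (hits, per_directory_counts) for high-confidence matches."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result and result[2] == "high":
                hits.append((os.path.join(dirpath, name), result[0], result[1]))
                per_dir[dirpath] += 1
    return hits, per_dir


if __name__ == "__main__":
    import sys
    hits, per_dir = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original, suffix in hits:
        print(f"{path}\toriginal={original}\tsuffix={suffix}")
    for directory, count in per_dir.most_common():
        print(f"{count:6d} renamed files in {directory}")
```

The per-directory counts show how far the encryption spread and which folders to compare against backups first.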

The ransom note left in every folder reads like this:

————————————————————————-

Files on your computer are encrypted.
Algorithm: ecc-secp192r1 & aes-ecb-256
To decrypt your files, please contact us using one of these e-mail addresses:
xxxx@secmail.pro
xxxx@scryptmail.com
xxxxx@countermail.com
Please include the following text in your message:
zMp9IPExgXlvg27MFOlQrOIssoqd/gUr5SiB5zhpbDt8TmZhBwkxrfJE6pI4eBWbQF27lVL9XlCbfSqA
…. and 5 more lines of random text/key like that

On closer malware analysis

The criminals demand $2100 for the decoder.

If you have been infected with this ransomware, contact our technical team for further help.
