RV_
Posted November 23, 2016

There are two big takeaways from this article on this cheap and nasty ransomware.

1. It can be fixed by the user and unencrypted without paying the ransom.
2. It shows you how it infects and gives a screenshot so you know if it is Stampado.

The deal is that if 3% of all are fooled by it and pay, that is a lot of money worldwide.

Excerpt:

"One of the cheaper forms of ransomware that crooks can buy on the dark web has evolved worm-like capabilities which enable it to move across networks and external drives, and even to re-encrypt files which have already been encrypted by other ransomware.

The Stampado ransomware is available to buy on the dark web for just $39, and is described by the seller as 'cheap and easy to manage ransomware' and offers buyers a 'full lifetime license'.

While it might be expected that cheap ransomware offers wannabe cybercriminals very little bang for their buck, cybersecurity researchers at Zscaler have analysed Stampado and have found it to contain self-propagating features which make it extremely effective -- it can spread across multiple devices and drives connected to the infected system.

Typically infecting victims via a spam email or drive-by download, the malware installs itself in the %AppData% folder with the name scvhost.exe, in an effort to pass itself off as the genuine Windows executable process svchost.exe."

Much more in the article including related hot links here: http://www.zdnet.com/article/this-obscenely-cheap-ransomware-will-also-encrypt-files-across-your-network-and-removable-drives/?loc=newsletter_large_thumb_related&ftag=TRE49e8aa0&bhid=19724681974700635514865380622813

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998
When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius
“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire
Archived
This topic is now archived and is closed to further replies.