Possible new Criakl Ransomware variant spreading
#1
Quote: "It looks like we have a new Ransomware spreading as a nice Christmas Present. This is being identified as Criakl by Anyrun, but if it is criakl, then it is a new version. Criakl was around in 2014 and has been seen sporadically since then, but hasn’t been an extremely active or well spread ransomware previously, particularly in the UK.

I received 2 different emails overnight containing this ransomware both very similar and written in bad English or machine translated from a foreign language. These emails all come from admin[at]floraman.ru and pass all authentication checks SPF & DKIM so are likely to be delivered to the recipient.

One had a zip attachment containing a macro enabled word doc. The second was a .rar with a .exe inside it. The word doc contacts a remote site & downloads a .exe file which is identical to the exe file inside the .rar. The word doc uses macros on close, so a victim doesn’t realise anything is happening until after they close word.

Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com>. That is why these scams and phishes work so well.

Prise list.zip extracts to Prise list.doc

[...]

This encrypts almost everything on the computer including it appears its own dropper

The encrypted files get renamed to email-biger[at]x-mail.pro.ver-CL 1.5.1.0.id-2094653670-9835384014918344629827.fname-Prise list.doc.doubleoffset

The ransom text which is in every folder as well as a displayed version on desktop asks you to email the criminal to get decrypted

Your files was encrypted! To decrypt write us
biger[at]x-mail.pro
biger[at]x-mail.pro
biger[at]x-mail.pro
(edited for security reasons)

[...]"

More information on the format of the mail spam can be found at the source.

https://myonlinesecurity.co.uk/new-ranso...l-version/
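
An added triage example, not part of the original post or the source article: it parses the renamed-file pattern quoted above to find affected files in a file listing and recover their original names. The field layout is an assumption inferred from the single sample name in the post, and all function names and the sample paths are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Field layout inferred from the single renamed-file example quoted in the post;
# treat it as an assumption, other builds may name files differently.
RENAMED = re.compile(
    r"^email-(?P<contact>.+?)"
    r"\.ver-(?P<version>.+?)"
    r"\.id-(?P<victim_id>\d+(?:-\d+)*)"
    r"\.fname-(?P<original>.+)"
    r"\.doubleoffset$",
    re.IGNORECASE,
)

def parse_renamed(path):
    """Return the fields embedded in a renamed file name, or None if no match."""
    p = PureWindowsPath(path)
    m = RENAMED.match(p.name)
    if not m:
        return None
    fields = m.groupdict()
    fields["directory"] = str(p.parent)
    return fields

def triage(paths):
    """Summarise a file listing: hit count, affected directories, original names."""
    hits = [f for f in map(parse_renamed, paths) if f]
    return {
        "encrypted": len(hits),
        "directories": sorted({h["directory"] for h in hits}),
        "originals": sorted(h["original"] for h in hits),
        "victim_ids": sorted({h["victim_id"] for h in hits}),
    }

# Constructed listing: the first file name is the one quoted in the post (defanged
# address kept as written); the directories and other paths are made up.
SAMPLE = [
    r"C:\Users\a\Desktop\email-biger[at]x-mail.pro.ver-CL 1.5.1.0.id-2094653670-9835384014918344629827.fname-Prise list.doc.doubleoffset",
    r"C:\Users\a\Documents\report.docx",
    r"C:\Users\a\Documents\notes.doubleoffset.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Feed `triage` a recursive listing of a share or endpoint to see which directories were hit and which original documents need restoring from backup.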