The Art of the Maktub Locker Ransomware

  • 24 March 2016

Lawrence Abrams  March 23, 2016 
http://www.bleepstatic.com/images/news/ransomware/maktub-locker/we-are-not-lying-2.jpg
 
A new ransomware has been discovered by security researcher Yonathan Klijnsma called Maktub Locker that shows the most attention to detail that I have seen on its ransomware payment site. Before we get to the decryption site, let's just take a moment to give a brief summary of the ransomware itself.
 
So far Maktub Locker appears to be your standard variety that encrypts your data and then ransoms your files for 1.4 bitcoins. After a certain amount of time, you enter a new stage where the ransom amount increases, where ultimately the ransom price tops out at 3.9 bitcoins.  Maktub Locker does not currently use a static extension for encrypted files, but rather assigns a random extension for each victim.
 
At this point the ransomware is currently being analyzed and not much is known about its inner workings and whether we can defeat its encryption method. What we do know is that it is spreading as an executable with a .SCR extension attached to emails. This attachment pretends to be an updated Terms of Service document that, when opened, launches the ransomware. An example filename for this attachment is TOS-update-2016-Marth-18.scr.
 
Full Article
 

5 replies

Userlevel 7
Ransomware appears to get more sophisticated each day; as we battle these exploits we need to be more proactive.
Userlevel 7
Well, the security pundits, at the close of 2015, did predict that 2016 would have, as one of its highlights, an increase in the proliferation of ransomware...and mainly in the area of trying to hit servers/companies rather than the individual/private person's device.
 
They appear to be right, at least, re. the 'proliferation' side of things...unfortunately.
Userlevel 7
April 8, 2016
 
A widely distributed scam email that quoted people's postal addresses links to a dangerous form of ransomware, according to a security researcher.
 
Andrew Brandt, of US firm Blue Coat, contacted the BBC after hearing an episode of BBC Radio 4's You and Yours that discussed the phishing scam.
 
Mr Brandt discovered that the emails linked to ransomware called Maktub.
 
The malware encrypts victims' files and demands a ransom be paid before they can be unlocked.
 
The phishing emails told recipients they owed hundreds of pounds to UK businesses and that they could print an invoice by clicking on a link - but that leads to malware, as Mr Brandt explained.
 
http://ichef.bbci.co.uk/news/624/cpsprodpb/7457/production/_89138792_ransomware1.jpg
Maktub increases the ransom as time elapses
 
Full Article
Userlevel 7
Thanks for the update on another very malicious ransomware. Again the only way out of it is to pay. But watching what you click on in your email is a given!
Userlevel 7
Another day, another ransomware warning...the whole thing is getting a little staid...but warn we must, as to fall victim to these particular miscreants is deadly. :(
