Fortinet researchers at FortiGuard labs have come across a ransomware that only accepts Monero – an open source cryptocurrency created in 2014 – for payment, representing a shift away from the widely used and accepted standard Bitcoin in the ransomware space.
Not only this, but the ransomware poses as a cryptocurrency-related password store.
‘The malware masquerades as a ‘spritecoin’ wallet, asking the user to create their desired password, but does not actually download the blockchain,’ according to the Fortinet researchers.
‘It then demands a ransom in Monero cryptocurrency in return for decrypting the victim’s data. The file (also seen in the wild as spritecoind[.]exe) is UPX packed for simple evasion. It displays the typical ransom note of “Your files are encrypted,” and asks for a sum of 0.3 Monero – which is equivalent to $105 USD at the time of writing.’
During the decryption (payment) phase another malware is deployed ‘with capabilities including certificate harvesting, image parsing and web camera activation’.
The ransomware threat
According to the researchers, organisations must prepare for ransomware attacks by developing a solid backup and recovery plan.
>See also: The year of the ransomware shakedown
‘Malware authors have done their homework to ensure a higher success rates, and are now taking advantage of the hype surrounding cryptocurrency. They understand that most people don’t back up their systems regularly.’
‘A simple offline backup of important files will save a lot of time and frustration. Best practices require being vigilant about backing up files regularly. Then store the backup offline on a separate device, and even in multiple places to ensure redundancy.’