360 Discovered a New Ransomware Disguised as Windows Activator

360

2018-08-24 14:49 1417

BEIJING, Aug. 24, 2018 /PRNewswire/ -- Recently, 360 Security Center found a new kind of ransomware, which was spreading through fake Windows Activator. The ransomware first appeared on August 7th and has been widely spreading since then. Although the Trojan itself has been intercepted by 360 Total Security, the number of victims is still growing.

Windows Activator is a popular tool for some users to activate pirated Windows. It is commonly used by attackers to spread malware, such as Trojan, Ransomware, and Cryptominer. After analysis, 360 discovered that this ransomware mimics itself as a popular Windows Activator to lure users into downloading it. We also found that the malware contains an administration tool which is used to control the attacks on victim's machine. The tool can be launched via pressing F8. The following configurations are supported: the key used to encrypt files, the name of extortion file, ransom message, ID used to identify the victim, the suffix of encrypted files.

It is common to see attackers use the Microsoft Crypto library to encrypt data. However, we found that this ransomware uses the open source library, CryptoPP, and it only encrypts the first 0x500000 bytes (about 5M) of the file with the AES algorithm. For files over 5MB, the file part after 0x500000 bytes will not be encrypted. This might leave the door open for victims to rescue their files.

Malware disguises itself as normal software, such as cracking tools and game plug-ins, is a common technique to spread malware. To avoid this kind of attack, 360 recommend users to:

Always scan files downloaded from unknown websites with antivirus software.
Protect important documents with "360 Document Protector".
Back up important files regularly.

Source Website:
https://blog.360totalsecurity.com/en/the-new-ransomware-disguised-as-windows-activator-is-emerging-in-the-wild/

View original content:http://www.prnewswire.com/news-releases/360-discovered-a-new-ransomware-disguised-as-windows-activator-300701969.html

Source: 360

Keywords: Computer/Electronics High Tech Security Internet Technology

Media Room more

Flexiv Brings the Latest Adaptive Robotics Technology and Applications to CIIF 2020

2020-09-19 10:50

3300

Flexiv Brings the Latest Adaptive Robotics Technology and Applications to CIIF 2020

Chinese online learning platform ClassIn and Sony Global Education team up to develop Japan's post-pandemic teaching system

2020-06-20 06:59

2710

Chinese online learning platform ClassIn and Sony Global Education team up to develop Japan's post-pandemic teaching system

360 Discovered a New Ransomware Disguised as Windows Activator

Flexiv Brings the Latest Adaptive Robotics Technology and Applications to CIIF 2020

Chinese online learning platform ClassIn and Sony Global Education team up to develop Japan's post-pandemic teaching system

Flexiv Releases White Paper: Adaptive Robots and the Future of Industrial Automation

360 Enterprise Security Solutions Appear at RSAC2019

360 to Work with International Vulnerability Platforms to Build a Global White Hat Collaboration Mechanism

Qihoo 360's Users Decide the Features Included In Latest Version of 360 Total Security

Driving Impact with AI: Brian Impact Foundation Joins AVPN Global Conference 2024

Zhihu Inc. Files Its 2023 Annual Report on Form 20-F

Greater efforts urged on sci-tech cooperation

Damstra targets global growth as part of Ideagen

Xiao-I Corporation to Announce Full Year 2023 Results

SUNRATE named one of the top 100 cross-border payment companies for 2024 by FXC Intelligence