Site icon Panda Security Mediacenter

A new case of RansomWare !!!

We have detected a new case of RansomWare.

Once the malware infects users and encrypts their files, several “read_me.txt” files are created in the infected system, which warn users that their data files have been encrypted and that they won’t be able to access them unless they pay a ransom of $300.

 The email addresses indicated in the message may vary:

kiloglamour@gmail.com

tristanniglam@gmail.com

oxyglamour@gmail.com

glamourepalace@gmail.com

The “personal code” may also vary depending on the random value that is used to encrypt the data.

The encrypted files usually begin with the text “GLAMOUR”:

We have managed to access the data of the infected systems and there are 1,108 infected computers.

Besides, in 111 of those machines the port 6838 is open so that the machines act as socket servers.

The “construction kit” of Trj/Sinowal has been used to create this Trojan.

We have already mentioned this malware family in the eCrime 2007

http://research.pandasoftware.com/blogs/research/archive/2007/03/29/eCrime-2007-Congress.aspx

According to SecureWorks, this “construction kit” is sold for around $1,000.

http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=3740

This variant has been detected as Trj/Sinowal.FY in the signature file.

Exit mobile version