We have detected a new case of RansomWare.
Once the malware infects users and encrypts their files, several "read_me.txt" files are created in the infected system, which warn users that their data files have been encrypted and that they won't be able to access them unless they pay a ransom of $300.
The email addresses indicated in the message may vary:
The "personal code" may also vary depending on the random value that is used to encrypt the data.
The encrypted files usually begin with the text "GLAMOUR":
We have managed to access the data of the infected systems and there are 1,108 infected computers.
In addition, port 6838 is open on 111 of those machines, so that they act as socket servers.
The "construction kit" of Trj/Sinowal has been used to create this Trojan.
We have already mentioned this malware family in the eCrime 2007
According to SecureWorks, this "construction kit" is sold for around $1,000.
This variant has been detected as Trj/Sinowal.FY in the signature file.
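The two file-level indicators described above (the "read_me.txt" notes and files that begin with "GLAMOUR") can be checked with a short triage script. This is an added example, not code from the original post; it assumes the marker is the uppercase ASCII string at offset 0, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

MARKER = b"GLAMOUR"        # text the post reports at the start of encrypted files
NOTE_NAME = "read_me.txt"  # ransom note file name from the post


def scan_tree(root):
    """Walk root and return (ransom_notes, encrypted_files) as sorted path lists."""
    notes, encrypted = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(MARKER))  # read only the header bytes
            except OSError:
                continue  # unreadable or locked file: skip it, keep scanning
            if head == MARKER:
                encrypted.append(path)
    return sorted(notes), sorted(encrypted)


def build_sample_tree(root):
    """Constructed sample data: one note, two marked files, one clean file."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        "read_me.txt": b"constructed ransom note placeholder",
        "report.doc": MARKER + b"\x00\x01constructed ciphertext",
        os.path.join("docs", "budget.xls"): MARKER + b"\xff\xfeconstructed ciphertext",
        # The marker appears here too, but not at offset 0, so it must not match.
        os.path.join("docs", "clean.txt"): b"ordinary text that mentions GLAMOUR later",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, encrypted = scan_tree(tmp)
        print(f"{len(notes)} ransom note(s), {len(encrypted)} file(s) with the marker")
        for path in encrypted:
            print("  ", os.path.relpath(path, tmp))
```

Because the post says encrypted files "usually" begin with the marker, a scan with no hits does not prove a system is clean.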