Tue. Jul 7th, 2020

TerabitWeb Blog

Fascinating Technology and Security Information

AnteFrigus ransomware leaves C alone, goes after other drives

2 min read

Original Post from SC Magazine
Author: Doug Olenick

Security researchers
have come across and analyzed an oddly behaving ransomware variant that
bypasses the victim’s C drive instead targeting the device’s other drives.

An analyst
who tweets under Mol69 and Bleeping
Computer took a look at the odd behavior presented by AnteFrigus ransomware. Instead
of going after the one place where most people store their most important data,
the C drive, AnteFrigus leaves that area alone to focus the drives normally connected
to network storage and removable devices, Bleeping
CEO Lawrence Abrams said.

ransomware is distributed with the RIG exploit kit using a new Hookads
malvertising campaign.

installed AnteFrigus searches out the D, E, F, G, H, and I drives. And even on
these drives the malware is picky ignoring a slew of file types, including,
cmd, mpa and dll. Once it does gain access to those drives it will encrypt the
files it desires.

At this
point a very poorly written or translated ransom note appears giving
instructions on how to receive a decryption key.

“This ransom
note will contain a link to the Tor payment site, currently located at
http://yboa7nidpv5jdtumgfm4fmmvju3ccxlleut2xvzgn5uqlbjd5n7p3kid.onion/, which
will list the current ransom amount and a bitcoin address to send the payment
to. In our test, the ransom is $1,995 USD and becomes $3,990 after a little
over 4 days as shown below,” Abrans wrote.

One theory
put forth by Bleeping Computer to explain this behavior is the attackers are
only interested in hitting devices connected to a business and thus most likely
to use the secondary drives.

Abrams brought in ethical hacker Vitali Kremez to take a look at the ransomware
and he concluded the C drive issue was due to the ransomware being defective or
still under development.

The post AnteFrigus ransomware leaves C alone, goes after other drives appeared first on SC Media.

Go to Source
Author: Doug Olenick

Leave a Reply

Copyright © All rights reserved. | Newsphere by AF themes.