Nemucod Malicious Program Disseminates TeslaCrypt Ransomware Worldwide

A new Trojan Nemucod is showing a large number of detections. It is a downloader malware because it pulls down another malicious program floating on the Web. The Trojan's detection has been all over the world with some countries showing particularly high detection rates. The global spread of the malware could mean the attacks aren't concentrated in any single nation but are attempts to infect the maximum possible number of users worldwide. Welivesecurity.com published this, December 16, 2015.

The current malware campaign is using the electronic mail to spread its malicious payload. The e-mail presents an invoice, which is actually a fake, and attempts at persuading the recipient to view a given ZIP file as an attachment. The e-mail comes from someone who's already infected with the malware and in this way the Trojan propagates till the last possible victim.

The Nemucod being a downloader installed TeslaCrypt a member of a ransomware family from a hijacked website. If the infected user runs this ransomware, it would encrypt certain files having videos, images, Microsoft Office documents as well as other content. Once the encryption process completes, a template appears in the web-browser that other ransomware programs have been using. And like all ransomware, the TeslaCrypt demands a ransom payment from the victim for him to regain his locked files.

The Nemucod-TeslaCrypt attack has drawn the interest of many owing to its high detection rates. Therefore according to ESET, when at its peak, the malware, in Japan, showed 75% of the total e-threat identifications over a 2-day period.

Likewise, high detection rates got reported from more countries like Italy showing a 30% rate, Spain a 23%, USA and Canada -15% each, while in Argentina the rate was 14%. The detection rate of Nemucod-TeslaCrypt malware across the world was 10%.

According to Josep Albors of ESET, the current ransomware infections haven't been so high like with other earlier ransomware attacks, which augur well for users and the security community. For, it implies end-users are employing safeguard techniques that would detect fresh threats, while further implies that they aren't opening dubious attachments in e-mails.

» SPAMfighter News - 12/23/2015