Free Decryption Keys for WildFire Ransomware Lead to Dousing of Malware
Anti-malware experts, working jointly with police, have thwarted the WildFire ransomware, which was afflicting Web users in Holland and Belgium. WildFire was spread through spam emails, and its ransom demand was a maximum of 1.5 Bitcoins for decrypting encrypted files.
Security researchers associated with the 'No-More-Ransom' campaign, a combined ransomware-busting effort between Intel, its subsidiary company McAfee, Kaspersky Labs, Dutch police and the EC3 cyber-crime cell of Europol, have already posted 1,600 codes that decrypt files, with more expected.
The WildFire ransomware was first detected in mid-April, when it was dubbed GNL and then Zyklon; it was renamed WildFire at the end of May and is still going.
In June-July, the creators of WildFire launched several massive spam outbreaks carrying the ransomware, with the messages targeted mainly at people in the Netherlands. According to MalwareHunterTeam, a team of security researchers, the WildFire attacks went on during August, although security firms did not report when the spam first started. Softpedia.com reported this on August 23, 2016.
Some countries often targeted with spam (Estonia, Moldova, Russia, Belarus, Lithuania and Latvia) were not attacked with WildFire, a characteristic strategy for avoiding the attention of local law enforcement agencies.
Security investigators examining the threat got a lucky break because the WildFire perpetrators kept registering custom domain names in Holland and hosting their servers within the country.
Apparently, WildFire was run under a service model in which cyber-criminals rented the ransomware along with the infrastructure needed to carry out attacks, while the malware authors received commissions of 20-30%.
With this service model in place, security researchers developed two 'free' decryption keys for unlocking WildFire-encrypted files. Moreover, because they had access to statistics from WildFire's server, the researchers deduced that over the past thirty-one days the ransomware infected 5,309 PCs, and 236 of the victimized end-users paid the ransom. Overall, the revenue accruing to WildFire's creators was 136 Bitcoin ($79,000).
In 2015, security firm Trustwave found that facilitators connected new buyers with ransomware authors and with essential service offerings, including encryption services and traffic pushers. Cyber-crooks using ransomware usually netted a moderate USD 84,000 per month on a $6,000 investment, an enormous 1,425% profit.
» SPAMfighter News - 8/29/2016