Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New HDDCryptor Ransomware Works by Encrypting MBR

HDDCryptor, having another name Mamba, represents the latest ransomware family which rewrites the Master Boot Record (MBR) of a PC and makes the computer inaccessible to its owner. It would be incorrect to describe this new ransom software as any copycat of Petya since HDDCryptor appeared prior to both Satana and Petya, getting detected on sites of Bleeping Computer during January-end 2016.

The malware wasn't ever-used for any massive distribution scheme, the reason it didn't ever draw the notice of security agencies as well as independent security investigators.

Security Researcher Renato Marinho with Morphus Labs was first to spot once and twice the HDDCryptor. This was when a multinational called his company for probing an enormous HDDCryptor infection that affected the multinational organization's headquarters at India, Brazil and USA.

Towards August-end, an onslaught of operation threw light on HDDCryptor after which research work followed from Marinho and security firm Trend Micro's experts.

As per Trend Micro, the ransom software infects PCs when operators pull down files from malware-tainted sites. The miscreants install the malevolent binary onto host PCs directly alternatively via certain intermediary payload pulled down in some later phase. Crooks name the binary with a 3-digit number chosen randomly like in 123.exe. When assessment of the file in hybrid form was done it didn't generate too many evidences. Bleepingcomputer.com posted this, September 18, 2016.

And after executing infection, HDDCryptor first hunts to find network drives by scrutinizing the area network. Following that it utilizes Network Password Recovery a freely available tool for stealing and leaking credentials related to folders shared on the network.

This goes on with DiskCryptor, one more open-source module, launched for encrypting all the data-files on different partitions of hard drive. The module is subsequently employed together with the earlier scrutiny along with passwords for establishing link with network drives as well as encrypting those data-files too.

A Bitcoin address wherein funds were found and which was mutually used within the e-mails related to the HDDCryptor and DiskCryptor campaigns reveal that 4 persons apparently have made payments of the ransom, while there maybe more incase criminals utilized various other Bitcoin addresses.

ยป SPAMfighter News - 9/22/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page