ESET Reported Major Surge in Activity of Filecoder Malware

IT security company 'ESET' is reporting a strange spike in the activity of Filecoder malware - Trojans that encrypt files of Internauts and try to extract a payment from them to decrypt their files.

ESET has indicated an increase of 200% in weekly count of 'Win32/Filecoder' detections since July 2013 over average statistics through January-June 2013.

Cybercriminals include 'Filecoder' ransomware to use various methods for getting the malware into the victim's machine: these consist of downloads from malware-laced websites, e-mail attachments, backdoor or Trojan-downloader, physical fitting and infection vectors.

Amongst the clutch of Trojan modifications making the rounds as recognized by ESET consist of: 'Win 32/Filecoder.Q', 'Win 32/Filecoder.AA' and 'Win 32/Filecoder.W'.

Another variant, 'Win32/Filecoder.BQ' even ramp up the pressure on its victims by 'exhibiting a countdown timer presenting the period before the encryption-key is lastingly deleted'.

In one set-up of contamination, ESET found that 'Win32/Filecoder.Q' (and soon after also 'Win32/Filecoder.AA' and 'Win32/Filecoder.W') distributed through backdoors for example the Poison-Ivy RAT (Random Access Trojan). In this case, the victims were sent the Poison-Ivy backdoor through email and if they were duped into executing the malicious software, it would get in touch with a C&C server and wait for commands. The cybercriminal would then propel the Filecoder Trojan to the tainted system that would not be saved as a file on the hard drive but run only in memory.

There are other examples where the hacker manages to install 'Filecoder' ransomware through RDP (Remote Desktop Protocol). The keylogger is infected and weak passwords enable the attacker to gain access to the machine. This 'break in' immobilizes AV (antivirus) defense while fitting malware into the hijacked desktop.

The money asked in exchange for encryption-key ranges up to €3,000 ($4,000) with maximum of the victims in Russia trailed by smaller volumes in Italy, Spain, the US, Germany and other Eastern European countries. The soaring amount is steady as the attacker usually targets businesses who can manage to pay staggering ransoms than individuals.

ESET advises Internet surfers to stay protected with updated anti-virus software regularly. However, it is also a good idea to get password-protect anti-malware software to avoid being changed by a hacker and backup frequently.

» SPAMfighter News - 10/3/2013