ESET researchers have found a new family of ransomware called Android/Filecoder.C. The new ransomware uses the victim's contact list to spread further through SMS messages containing malicious links.

Lukas Stefanko, the ESET researcher who led the investigation, provided further insight into the ransomware campaign found by the company.

As reported by TechRadar, the Android/Filecoder.C ransomware was recently distributed through topics related to adult content on Reddit and, for a short time, via the XDA developer forum. The ransomware drew the attention of ESET researchers because of its unusual distribution mechanism.

Alert, There is a New Ransomware that Spreads via SMS

Before it starts encrypting files, the ransomware sends a number of text messages to every entry in the victim's contact list, each containing a link to the ransomware installation file. Besides this non-traditional distribution mechanism, Android/Filecoder.C contains several anomalies in its encryption.

"The campaign that we found is small and rather amateurish. The ransomware itself is flawed, especially in terms of encryption that is less implemented. Every encrypted file can be recovered without the help of an attacker," Stefanko said.

The ransomware does not encrypt large files (more than 50MB) or small images (under 150KB). Its list of file types to encrypt also contains many entries unrelated to Android, while lacking some extensions that are typical for Android.

Unlike ordinary Android ransomware, Android/Filecoder.C does not prevent users from accessing their devices by locking the screen. In addition, the ransom is not set as a hardcoded value; instead, the amount requested by the attacker is created dynamically using the UserID that the ransomware assigns to the particular victim.

This process produces a unique ransom amount for each victim, falling in the range of 0.01 to 0.02 BTC. "However, if the developers improve the shortcomings and distribution becomes more advanced, this new ransomware can be a serious threat," Stefanko said.
