Just when you think you have seen it all, a new ransomware called Spider changes the game. Attackers behind a new ransomware campaign are offering an easy tutorial video to ensure they make money from their criminal activities. Spider is being distributed through malicious Office documents, infecting victims with file-encrypting malware. This strain of ransomware was only detected a few days ago, so the window for alerting the public is shrinking. Like many ransomware schemes, the attack begins with malicious emails to potential victims. It’s currently unknown where the attackers are operating from, and there have been no reported cases yet here in the US.
Spider ransomware
The malicious Microsoft Office attachment contains obfuscated macro code which, if macros are enabled, allows a PowerShell script to download the first stage of the ransomware payload from a host website. Next, the PowerShell script decodes the Base64 string and performs operations to decode the final payloads into an .exe file, which contains the Spider ransomware encryptor. This encryptor is then launched, encrypting the user’s files, adding a ‘spider’ extension to them and then displaying the ransom note. The attackers also threaten that if payment isn’t received within 4 days, the victim’s files will be deleted permanently. They also claim they have a security measure in place that automatically deletes the file if the victim tries to do anything to recover the file without paying the ransom. An additional note provides the victim with instructions on how to download the Tor browser required to access the payment site, how to generate a decryption tool, and how to purchase bitcoin. The next step is where things get weird. The ransom note also offers customer service: a help section with a video tutorial you can watch, ensuring you don’t run into any hiccups while paying your attackers.
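Seen from the defender's side, the chain described above leaves two observable behaviours: an Office application launching PowerShell, and one process writing a burst of files with the .spider extension. The following Python sketch is an added example, not part of the original article; the event field names, paths, PIDs and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

def exe(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return PureWindowsPath(path).name.lower()

def office_spawned_powershell(proc_events):
    """Process-creation events where an Office app launched PowerShell."""
    return [e for e in proc_events
            if exe(e["parent"]) in OFFICE and exe(e["image"]) in SHELLS]

def spider_bursts(file_events, threshold=3, window=timedelta(seconds=60)):
    """Map pid -> peak count of '.spider' files written within `window`,
    for processes that reach `threshold`."""
    by_pid = defaultdict(list)
    for e in file_events:
        if PureWindowsPath(e["path"]).suffix.lower() == ".spider":
            by_pid[e["pid"]].append(datetime.fromisoformat(e["time"]))
    hits = {}
    for pid, times in by_pid.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[pid] = peak
    return hits

# Constructed sample telemetry (hypothetical field names, paths and PIDs).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PROC_EVENTS = [
    {"pid": 4120, "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE", "image": PS},
    {"pid": 4388, "parent": r"C:\Windows\explorer.exe", "image": PS},
]
FILE_EVENTS = [
    {"pid": 5300, "time": "2000-01-01T09:00:10", "path": r"C:\Users\a\Documents\q3.xlsx.spider"},
    {"pid": 5300, "time": "2000-01-01T09:00:11", "path": r"C:\Users\a\Documents\notes.docx.spider"},
    {"pid": 5300, "time": "2000-01-01T09:00:12", "path": r"C:\Users\a\Pictures\scan.png.spider"},
    {"pid": 812, "time": "2000-01-01T09:05:00", "path": r"C:\Users\a\Desktop\web.spider"},
]

if __name__ == "__main__":
    print(office_spawned_powershell(PROC_EVENTS))
    print(spider_bursts(FILE_EVENTS))
```

In practice the same two conditions would be written as rules over your EDR or Sysmon process-creation and file-creation events; the threshold needs tuning against normal activity on your endpoints.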
This ransomware, as with all others, should serve as a reminder to businesses to take all the necessary steps to protect themselves and their data from outside threats. Please refer to the article Four Tips To Protect Against Ransomware if you need a refresher on steps you can take for protection. 2W Tech has security experts on staff who can help ensure your organization takes all the necessary steps to be protected from ransomware and other outside security threats. Give us a call today.