Ransomware has been taking different forms lately; only recently we reported on a ransomware that was a scam and deleted users' files. Delilah is the latest blackmailware, one that blackmails its target for information. Unlike other ransomware, Delilah extracts information from the target rather than money. The Trojan is not yet available on the black market and is currently being used by a controlled group of hackers.
Delilah Ransomware
Diskin Advanced Technologies has further reported that the payload is delivered to victims through downloads from popular adult and gaming sites. Once the bot has gathered all the necessary information, it uses that information to extort the victim. The information may also include the victim's family information. As with most other malware, the bot also uses a social engineering plugin.
Surprisingly, the instructions to the victim are delivered through a complex mesh of tools such as TOR and VPN services, along with measures to remove the audit trails.
That being said, these bots are not completely automated and need a high level of human intervention, which makes it a risky affair for the hacker, but remember it's always a high-stakes game. To make things easier for the attackers, they are claimed to have a social engineering and fraudster team to help them out. However, the Trojan is still said to be buggy and it sometimes freezes up. Naturally, the threat actors want these bugs resolved.
There are currently many such malware and ransomware strains lurking on the Dark Web. For now, the only and best precaution is to stop employees from visiting adult and gaming websites. If not handled efficiently, the recruitment of insiders will greatly damage the company's integrity.
Source: Gartner.
Here some had it and their computer was locked up.
How it ended I do not know; it was some time ago.
Here’s another nasty one (spam/email spread) recently emerging: Satana ransomware. It swiftly encrypts all files, restarts your device, ruins the MBR, then displays in red text on black screen a message beginning with words “You have bad luck”. Many A/V are starting to include its signatures for protection; interestingly Comodo CIS doesn’t, but I saw a test today of how CIS handles it with or without sandbox feature enabled: CIS stops the Satana executables from running (but leaves a file someone could inadvertently copy/pass to an unprotected Windows device). Hope this helps some, cheers!