Malicious ransomware affects Argentina, Brazil and Colombia
According to information from ESET, since the appearance of this attack on March 20, it has spread to more than 50 countries.
The attack begins with an email carrying an attached file that appears to contain an image. However, upon opening the file, the user downloads a threat that bypasses system protections and then launches another process, which connects to a URL to download a second threat. This second file is ransomware known as FileCoder which, once executed, retrieves system information, creates a key and encrypts the user's documents.
The victim is given a period of one month to obtain the key that decrypts the data, and the cost of the ransom increases as time goes by. To make money, the cybercriminals display the ransom demand to the user, leaving instructions on how the victim should go about recovering their files. When the malware finishes encrypting the data, it opens a browser and shows the victim a site hosted on the Deep Web, with the steps to follow to pay a sum in Bitcoin if they want to recover their information. At the time this malicious code was analyzed, the cost that the victim had to pay to recover their files was US $1,000, equivalent to 1.92 Bitcoin.
If the user really wants to recover their files, because they have no backup or because the information is critical or confidential, they must acquire the Bitcoin and transfer it to the cybercriminals. To pay the ransom, the victim must have access to the Tor network, since the panel used to make the payment is hosted on an .onion domain.
According to information from ESET’s Early Warning systems, since the appearance of this attack on March 20, it has spread to more than 50 countries and affected more than 15,000 users. Among the countries where this threat has been seen are several from Latin America, including Argentina, Brazil, Colombia and Mexico.