Lumension® Endpoint Intelligence Center


New crypto-ransomware "quarantines" files, downloads info-stealer

2015/04/07

Help Net Security - (International) Security researchers at Trend Micro discovered a new piece of crypto-ransomware dubbed CryptVault. It uses the open-source GnuPG tool to create RSA-1024 public and private key pairs and encrypt files, making them resemble files quarantined by an anti-virus solution. It then asks for ransom and downloads and executes Browser Password Dump to extract passwords stored by Web browsers. Attackers spread the malware by tricking users into running malicious JavaScript file attachments.

Source: http://www.net-security.org/malware_news.php?id=3008

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:59