New ransomware variants spotted in the wild

New ransomware variants spotted in the wild

Summary: Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild.


Security researchers from TrendMicro, F-Secure and Dr. Web have intercepted two new ransomware variants currently circulating in the wild.

TrendMicro intercepted a new ransomware variant that compared to previous releases is infecting the Master Boot Record (MBR), thus, preventing the operating system from loading. Upon execution, the infected PC restarts and displays the ransom message requesting a payment in order for them to receive the unlock code.

Both F-Secure and Dr.Web have intercepted an identical ransomware variant. Upon execution it encrypts all files, by adding a .EnCiPhErEd file extension. End users are given the option to have 5 attempts to try and enter the unlock code, in between the malware deletes itself and leaves the files encrypted.

The ransomware displays the following message  to infected users:

Attention! All your files are encrypted! You are using unlicensed programms! To restore your files and access them, send code Ukrash or Paysafecard nominal value of EUR 50 to the email You have 5 attempts to enter the code. If you exceed this of all data irretrievably spoiled. Be careful when you enter teh code!

Moreover, the vendors are emphasizing on the fact that the encryption in the ransomware variants (SHA1: b8f60c64c70f03c263bf9e9261aa157a73864aaf) is not as strong as the encryption used in previous versions of the infamous GPCode.

See related posts:

Ransomware attacks are becoming increasingly prevalent across multiple countries, thanks to the added localization and better market segmentation of the prospective victims. Cybercriminals taking into consideration quality assurance as a process, and constantly looking for new ways to socially engineer end and corporate users into infecting themselves with ransomware variants.

End users are advised to avoid interacting with suspicious links found in spam emails, and t o ensure that they're running the latest version of their third-party software, and browser plugins.

Topics: Browser, Legal, Malware, Microsoft, Operating Systems, Security, Software

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • freelance

    buddy's mom earned $19415 the previous week. she is working on the laptop and bought a $364000 house. All she did was get blessed and work up the instructions leaked on this website
  • perhaps...

    flood his mailbox with useless codes...
    a couple of e-mails per ZDNet reader??
    • Good one. lol.

      I agree. Hahahaha funny.
      Rick Sos
  • Surf and owned trojans?

    Are these trojans and are they 'surf and owned' trojans? If so, as long as you 'surf safe' for the former, you will be okay. For the latter, the holes that can be used to 'surf and owned' need closed immediately.

    On another point, when they find the people who do these things, they need stiff prison sentences to send a message that these things, even more than other crime, won't be tolerated.
    • These ransom wares can also come in

      Thru emails sent from people you know and don't know. I really feel sorry for the normal users who really don't have a clue on what's happening. And I agree, with you, it's time to start catching these crooks and give them some serious jail time and hard work, to make others think twice.
    • The problem is...

      That these criminals are in other countries and not directly subject to US law. While local law enforcement may try to cooperate, these rouges are seen as Robin Hood by there countrymen. Stealing from the rich and spending among the poor.
  • Good news: this website ( ) we has been updated and add

    Good news: this website ( ) we has been updated and add products and many things they
    abandoned their increases are welcome to visit our website. Accept cash or
    credit card payments, free transport. You can try oh, will make you satisfied.
  • Believe that?

    Believe that and you deserve what you get.
  • Love sugarmommy AND MEET

    I find a hot place where???=== CougarFlirts???. c 'o 'M ' ===??? you meet sexy and rich OLDER WOMEN. I would say dating a rich cougar is great not only because she is your lover but she would also have that motherly instinct with you as well and be able to comfort you like a younger women may not be able to.Plus there would be no games like their could be with younger women.Also their sexual experience is invaluable in bed trust me and they tend to be secure and set in their lives.Just my opinion but a rich older women is great and that's nothing against younger women. I am dating hot rich cougar on this website:=== ???=== CougarFlirts???. c 'o 'M ' ===???==members on this website are real with photos and details..Well, you do not have to be lonely
  • It's time to buy it will save your more money.

    It's time to buy

    it will save your more money.

    omg,wtf,so cheap.I wanna get it now....

    I'll pay $5000000