‘New version of ransomware variant chooses between encryption and cryptomining’




Security company Kaspersky Lab has found a new variant of the so-called Rakhni ransomware. Once this malware is present on a system, it can choose whether to encrypt files or use the CPU for cryptocurrency mining.

Kaspersky writes that the malware mainly targets Russian users and is distributed via e-mails with a malicious attachment. Once the malware is present on a system, it checks whether it is running in a virtual machine, which could indicate that someone is trying to analyze the malware. It then checks whether the ‘bitcoin’ folder is present in the ‘AppData’ folder. If so, the malware encrypts the files on the system in the usual manner of ransomware. The likely assumption is that the victim has a bitcoin wallet that represents a certain value.

If that folder is not present and the CPU of the infected system has more than two logical cores, the malware chooses to install the cryptominer. Because mining takes place on the CPU, the malware chooses a cryptocurrency that is suitable for this: in this case Monero and Monero Original. According to Kaspersky there are indications that in the latter case the GPU is used, because a folder ‘cuda’ is created. It is also possible to mine Dashcoin. A third option is chosen if there is only one logical core: in that case, the malware activates a worm component, which attempts to spread to other computers on the same network.
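The decision sequence described above can be turned into a triage aid that tells a responder which behaviour to hunt for on each host. This is an added example, not code from Kaspersky or from the malware; the `Host` fields, branch labels and inventory values are constructed assumptions, and cases the article does not cover are reported as such rather than guessed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    is_vm: bool            # virtual machine detected
    has_bitcoin_dir: bool  # 'bitcoin' folder present in the user's AppData folder
    logical_cores: int

# What a responder would expect to find per branch, per the article's description.
HUNT_HINTS = {
    "encrypt": "files encrypted in the usual ransomware manner",
    "miner": "CPU mining (Monero, Monero Original, Dashcoin); a 'cuda' folder",
    "worm": "attempts to spread to other computers on the same network",
}

def expected_branch(h: Host) -> str:
    """Branch the article describes for this host, checks in the article's order."""
    if h.is_vm:
        return "vm-detected"   # article names the check, not what follows it
    if h.has_bitcoin_dir:
        return "encrypt"
    if h.logical_cores > 2:
        return "miner"
    if h.logical_cores == 1:
        return "worm"
    return "unspecified"       # e.g. exactly two cores: not covered by the article

def triage(inventory):
    """Map each host name to (branch, hunt hint) and count hosts per branch."""
    plan = {}
    for h in inventory:
        branch = expected_branch(h)
        hint = HUNT_HINTS.get(branch, "no behaviour stated; inspect manually")
        plan[h.name] = (branch, hint)
    return plan, Counter(branch for branch, _ in plan.values())

# Constructed sample inventory (hypothetical host names and values).
INVENTORY = [
    Host("fin-ws-01", False, True, 8),
    Host("dev-ws-07", False, False, 4),
    Host("kiosk-02", False, False, 1),
    Host("lab-vm-03", True, False, 4),
    Host("old-pc-11", False, False, 2),
]

if __name__ == "__main__":
    plan, counts = triage(INVENTORY)
    for name, (branch, hint) in plan.items():
        print(f"{name:10} {branch:12} {hint}")
```
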

The security company wrote in a recent report that the number of users who encountered ransomware fell by 30 percent between 2017 and 2018 compared to the period between 2016 and 2017. On the other hand, the number of people who encountered miners increased by 44 percent.

Malicious Word attachment that asks victims to open a fake PDF document

