The Stampado ransomware has evolved worm-like techniques to spread.
One of the cheaper forms of ransomware that crooks can buy on the dark web has evolved worm-like capabilities which enable it to move across networks and external drives, and even to re-encrypt files which have already been encrypted by other ransomware.
The Stampado ransomware is available to buy on the dark web for just $39, and is described by the seller as ‘cheap and easy to manage ransomware’ and offers buyers a ‘full lifetime license’.
While it might be expected that cheap ransomware offers wannabe cybercriminals very little bang for their buck, cybersecurity researchers at Zscaler have analysed Stampado and have found it to contain self-propagating features which make it extremely effective — it can spread across multiple devices and drives connected to the infected system.
Typically infecting victims via a spam email or drive-by download, the malware installs itself in the %AppData% folder with the name scvhost.exe, in an effort to pass itself off as the genunie Windows executable process svchost.exe.
Once Stampado starts running, it’ll stealthily attempt to make copies of itself on the local network and on any removable devices attached to the infected machine. Stampado won’t even spare the victim if their system is already infected with other ransomware, instead re-encrypting encrypted files.
This means the victim has to pay a ransom twice over — once to each ransomware deliverer — in order to get their files back. Ransomware variants which Stampado can re-encrypt include Locky, Cerber, Cryptowall, and more.
Once Stampado has encrypted all the target files, it’ll only then display a ransom note, threatening users that if they don’t pay, all their files will be deleted after 96 hours. It also threatens to delete a random file every six hours in order to scare victims into paying up.
Unlike other forms of ransomware, it doesn’t demand a ransom in Bitcoin, but rather asks victims to contact an email address with the ‘ID’ that represents their infected system.
Zscaler cybersecurity researchers advise victims not to pay the ransom, stating that it’s possible to decrypt files infected by Stampado on their own.
Ransomware has surged this year, recently becoming one of the three most common malware threats. The total cost of damages related to these attacks is set to top $1 billion before the end of 2016.
From:http://www.zdnet.com/article/this-obscenely-cheap-ransomware-will-also-encrypt-files-across-your-network-and-removable-drives/
About OsMonitor:
The mission of OsMonitor is to create a Windows computer system tailored for work purposes, effectively regulating employee computer behavior. It enables employers to understand what employees are doing each day, monitoring every action, including screen activity and internet usage. Additionally, it restricts employees from engaging in specific activities such as online shopping, gaming, and the use of USB drives.
OsMonitor, designed purely as software, is remarkably user-friendly and requires no additional hardware modifications. A single management machine can oversee all employee computers. As a leading brand in employee computer monitoring software with over a decade of successful operation, OsMonitor has rapidly captured the global market with its minimal file size and excellent cost-effectiveness compared to similar software. At this moment, thousands of business computers worldwide are running OsMonitor daily.
