A security company has released a decryption tool for a new ransomware variant which places its ransom demand over the PC’s desktop wallpaper.
Emsisoft, which has build the decryption tool, said that the Hakbit ransomware has hit home users and businesses in the US and Europe, demanding $300 in bitcoin from victims, while warning them how many files they stand to lose.
It’s a newly discovered strain of ransomware, but as well as changing the victim’s desktop wallpaper into a ransom note (these are more usually posted as text files), this variant also includes a QR code pointing to the bitcoin address where it wants the victim to send money, a feature which has not been seen in ransomware for several years.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
Hakbit encrypts its victims’ files using AES-256 and appends with the extension “.crypted”, Emsisoft said.
On installation, Hakbit attempts to conceal its presence by randomly naming its executable to one of the following: lsass.exe, svchst.exe, crcss.exe, chrome32.exe, firefox.exe, calc.exe, mysqld.exe, dllhst.exe, opera32.exe, memop.exe, spoolcv.exe, ctfmom.exe, or SkypeApp.exe.
Ransomware has been a growing menace in recent years. In particular it has become more of a problem for business as ransomware crooks have decided that they can make more from targeting whole networks of computers rather than individual home PCs.
Earlier this week Emsisoft published a free decryption tool for Jigsaw ransomware which can currently unlock 85 variants of the malware.