A new ransomware variant is being spread to millions of people through phishing emails from Vietnam and other countries, according to Barracuda, a security research firm.
Even though Barracuda has blocked 27 million phishing emails so far, the speed at which hackers are spreading the ransomware variant hasn't slowed.
The new ransomware variant is designed to take control over systems and demand ransom from affected users but as Barracuda researchers have observed, hackers behind the ransomware have no intention of keeping their world after receiving money from their victims.
This is because the ransomware variant comes with a single identifier which is being sent to all victims. This means that even after a victim pays a ransom, there is no way the hackers can identify the victim's system to send back decryption keys.
What makes the ransomware very dangerous is that like WannaCry, it is being sent to millions of users across the globe in the form of emails. In these emails, the sender is either listed as 'Herbalife' or a copier file delivery eg. 'firstname.lastname@example.org'. Newer emails being sent by hackers bear the subject line “Emailing – <attachment name>.
Researchers have observed that while a bulk of such emails are being sent from Vietnam, many of them are also being sent from countries like India, Columbia, and Turkey and Greece. At the same time, hackers behind the ransomware are also changing the names of payload files and the domains used for downloading secondary payloads constantly to avoid being filtered by anti-virus engines.
As per available data, the new ransomware possesses various abilities that include an ability to encrypt files, download executables from a remote location, ability to use cryptography API, modify Windows initialisation files, deleting samples after the execution and ability to retrieve system default language identifier.