Breaking Bad ransomware is not detected by VirusTotal

The security company Heimdal Security has revealed a new ransomware campaign which, as of this moment, is still not recognized by any of the 57 security products available on the VirusTotal antivirus aggregator.

The new ransomware is spreading in Scandinavia through spam emails that come with a Word document attached. The file is booby-trapped with a malicious macro that runs when the document is opened and downloads the ransomware onto the victim's computer.

Once the ransomware is downloaded, it immediately encrypts the user's most important documents and changes the file extension to ".breaking_bad".

Access to encrypted files is impossible if their owners do not pay the ransom.

The Word macro used by the ransomware has also been used by a Chinese hacking team targeting Russian military bases.

The technique is so popular because it makes it possible to create malicious files that don't look malicious at all.

This is probably the reason why the ransomware is not detected on VirusTotal.

The Word documents look like any other Word document and contain no malware themselves, apart from a few macro instructions to "download a file from the Web".

The downloaded file can be anything: an image, a CSS file, or malware. So the only way to protect against such threats is to educate users not to open any files coming from unknown people, whatever they promise.
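The macro is the one part of such a document that can be checked for directly. The following is an added example, not from the original article, of a structural check a mail filter could run on attachments. The function names, the size cap and the sample files are assumptions constructed for the demo, and the byte-marker tests are heuristics.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")           # OLE2 compound-file header
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")            # stream every VBA project storage has
ENC_MARK = "EncryptedPackage".encode("utf-16-le")        # password-protected OOXML wrapper
MAX_PART = 16 * 1024 * 1024                              # read cap per ZIP part (assumed limit)


def ole_verdict(blob: bytes) -> str:
    """Heuristic verdict for an OLE2 container, based on directory entry names."""
    if VBA_MARK in blob:
        return "macro"
    return "encrypted" if ENC_MARK in blob else "no-macro"


def macro_verdict(blob: bytes) -> str:
    """Return 'macro', 'no-macro', 'encrypted' or 'not-office' for an attachment."""
    if blob.startswith(OLE_MAGIC):                       # legacy .doc/.xls or encrypted OOXML
        return ole_verdict(blob)
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        if "[Content_Types].xml" not in z.namelist():    # a ZIP, but not OOXML
            return "not-office"
        # The VBA part is usually word/vbaProject.bin but can be renamed,
        # so test the content of every part instead of trusting its name.
        for info in z.infolist():
            with z.open(info) as part:
                data = part.read(MAX_PART)
            if data.startswith(OLE_MAGIC) and VBA_MARK in data:
                return "macro"
    return "no-macro"


def build_sample(macro_part=None) -> bytes:
    """Constructed OOXML-like ZIP for the demo; not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if macro_part:
            z.writestr(macro_part, OLE_MAGIC + b"\x00" * 64 + VBA_MARK)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", build_sample()),
                        ("renamed macro part", build_sample("word/theme9.bin"))]:
        print(label, "->", macro_verdict(blob))
```

An "encrypted" verdict means the contents could not be inspected, so it should be handled as unknown, not as clean.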


Written by Dimitris
