
Not such a Merry Christmas: The ransomware that also steals user data


The Merry Christmas ransom note features Futurama’s evil Robot Santa.


Image: SANS Internet Storm Center

Unsuspecting internet users could find themselves on the receiving end of an unwanted belated Christmas present, malware that doesn’t only encrypt their Windows PC and hold it to ransom, but also steals personal data and login credentials.

Spotted by cybersecurity researchers in the first week of the year, the Merry Christmas ransomware – also known as Merry X-Mas – might initially appear to be a strange name for a January ransomware campaign. However, Orthodox Christians celebrate Christmas on January 7 – something which might point towards the involvement of Russian or Eastern European actors.


Whoever is behind the Merry Christmas ransomware, they’re distributing it via spam email claiming to be from one of two sources.

One of the campaigns claims the sender is from the Federal Trade Commission, telling the recipient that their company is under investigation for violating the Consumer Credit Protection Act, while the other claims to be a notice of court, informing the victim they’ve used illegal software and must attend trial.

In both cases the intended victim is sent a link, supposedly to the complaint against them, which when clicked will download an executable zip file disguised as a PDF document.

When this file is run, it’ll initially work in the background, before – if macros are enabled – executing the ransomware from a Word document within the zip, encrypting the victim’s files and displaying a ransom note, the latest version of which features the evil Robot Santa Claus from Futurama. Earlier versions of the ransomware prominently wished the victim a Merry Christmas.
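For defenders, the delivery chain described above (a zip posing as a PDF that carries a macro-bearing Word document) can be screened for at a mail or web gateway. The following triage sketch is an added example, not code from the article or the researchers it cites; the extension lists, the size limit, the file names and the assumption that the Word document is in the zip-based OOXML format are all illustrative.

```python
import io
import zipfile

DECOY_EXTS = {".pdf", ".txt", ".jpg"}            # what the lure claims to be
EXEC_EXTS = {".exe", ".scr", ".js", ".vbs", ".wsf"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}
MAX_MEMBER = 20 * 1024 * 1024                    # skip oversized members (zip-bomb guard)

def split_exts(name):
    """Lowercased extensions of the base name, e.g. ['.pdf', '.docx']."""
    base = name.rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]

def has_vba_project(data):
    """True if data is an OOXML (zip) document that carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as doc:
        return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())

def triage_archive(data):
    """Map each suspicious member of a zip archive to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            exts, reasons = split_exts(info.filename), []
            if len(exts) >= 2 and exts[-2] in DECOY_EXTS and exts[-1] not in DECOY_EXTS:
                reasons.append("decoy double extension")
            if exts and exts[-1] in EXEC_EXTS:
                reasons.append("executable or script member")
            if (exts and exts[-1] in MACRO_EXTS) or has_vba_project(zf.read(info)):
                reasons.append("macro-enabled Office document")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_constructed_sample():
    doc, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(doc, "w") as d:
        d.writestr("word/document.xml", "<w:document/>")
        d.writestr("word/vbaProject.bin", b"placeholder")  # constructed, inert bytes
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("COMPLAINT.pdf.docx", doc.getvalue())
        z.writestr("readme.txt", "nothing to see")
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_archive(build_constructed_sample()))
```

Legacy binary `.doc` files store macros in an OLE container rather than a zip, so this check does not see them; a production filter would add an OLE parser for that case.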

Merry Christmas also threatens victims with permanent deletion of all their files if the ransom isn’t paid or if the user attempts to decrypt the files without paying the ransom.

Unlike many other ransomware schemes that demand Bitcoin, the victim is encouraged to email ‘Comodo Security’ in order to find out the price for regaining their encrypted files.

But if that wasn’t bad enough, security researchers at MalwareHunterTeam have discovered that the latest version of Merry Christmas ransomware payload also contains data-stealing DiamondFox botnet malware.

As noted by Bleeping Computer, DiamondFox contains the tools required for stealing login details and passwords, remotely opening desktop connections, stealing credit card data from point of sale systems and transforming infected PCs into DDoS bots.

Merry Christmas isn’t the first ransomware infection to also steal data in addition to money from victims. RAA ransomware started infecting victims with the data-stealing Pony Trojan malware in September last year.

Ransomware boomed during 2016, with the cost of ransomware attacks amounting to more than $1 billion during the year.


(via PCMag)
