Recently, researchers from FortiGuard Labs observed new malware variants targeting Microsoft Windows users. These include a new variant of FBI ransomware as well as two new ransomware families, Wise Guys and Pyschedelic.
FBI ransomware
The new variant of FBI ransomware follows the same tactic as earlier versions: luring users by impersonating FBI agents.
This variant leads victims to believe that their files have been encrypted because of illegal content they allegedly store on their machines.
It then pressures the victims to either pay the fine or face imprisonment.
The malware is distributed as a file named PayPal Checker.exe, a name that generally refers to a tool for checking the validity of PayPal accounts.
Wise Guys
The other malware, named Wise Guys, is destructive in nature.
This malware deletes the special folders, such as MyPictures, Desktop, MyMusic, and MyDocuments, along with their contents. It also deletes the shadow copies that would otherwise allow those files to be restored.
After deleting the files on the victim's machine, it drops several ransom notes. These notes falsely claim that the files have been encrypted and that the victim must pay $500 worth of Ethereum for a decryption key.
Pyschedelic ransomware
Pyschedelic ransomware uses a built-in Windows command to encode files.
It encodes files on a victim's machine with the certutil -encode command and demands a ransom to recover the affected files.
This malware leaves a ransom note as a text file and demands a ransom of $150.
The low ransom demand suggests that it targets individual consumers rather than enterprises.
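Because certutil -encode only base64-encodes its input (wrapping it in PEM-style certificate markers), a file processed this way is encoded, not encrypted, and can be recovered without any key. The following Python is an added example, not code from FortiGuard Labs or from the malware, showing two things a defender would want: a triage check that recognises certutil-encoded files and reverses them (the equivalent of running certutil -decode), and a simple detection over constructed, Sysmon-style process-creation events that picks out certutil being pointed at user documents. The event lines, file names and paths are constructed for the example; the 64-column, CRLF certutil output layout is reproduced here so the code runs on any OS.

```python
import base64
import re

# certutil -encode wraps the base64 of the input in these PEM-style markers,
# 64 characters per line (certutil's documented output layout).
CERTUTIL_HEADER = "-----BEGIN CERTIFICATE-----"
CERTUTIL_FOOTER = "-----END CERTIFICATE-----"


def certutil_encode(data: bytes) -> str:
    """Reproduce the layout certutil -encode writes, so the example runs off-Windows.
    Assumption: 64-column base64 with CRLF line endings, matching certutil."""
    b64 = base64.b64encode(data).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join([CERTUTIL_HEADER, *body, CERTUTIL_FOOTER]) + "\r\n"


def looks_certutil_encoded(text: str) -> bool:
    """Triage check: first and last non-empty lines are the certutil markers and
    every line in between is base64. Such a file was encoded, not encrypted."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0] != CERTUTIL_HEADER or lines[-1] != CERTUTIL_FOOTER:
        return False
    return all(re.fullmatch(r"[A-Za-z0-9+/=]{1,64}", ln) for ln in lines[1:-1])


def certutil_decode(text: str) -> bytes:
    """Recover the original bytes; equivalent to `certutil -decode` on Windows."""
    if not looks_certutil_encoded(text):
        raise ValueError("not a certutil -encode file")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return base64.b64decode("".join(lines[1:-1]), validate=True)


# Detection side. Constructed process-creation events in a Sysmon Event ID 1
# style (not real telemetry). certutil is a legitimate tool, so the signal is
# "-encode" applied to ordinary user files rather than certificates.
SAMPLE_EVENTS = [
    'Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -encode '
    'C:\\Users\\alice\\Documents\\budget.xlsx C:\\Users\\alice\\Documents\\budget.xlsx.txt"',
    'Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -hashfile '
    'C:\\tmp\\setup.msi SHA256"',
    'Image=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe C:\\Users\\alice\\notes.txt"',
    'Image=C:\\Windows\\System32\\certutil.exe CommandLine="certutil -encode '
    'C:\\Users\\alice\\Pictures\\holiday.jpg C:\\Users\\alice\\Pictures\\holiday.jpg.enc"',
]

# certutil accepts both "-encode" and "/encode"; capture the source path that follows.
ENCODE_RE = re.compile(r"\bcertutil(?:\.exe)?\b.*\s[-/]encode\s+(?P<src>\S+)", re.IGNORECASE)


def flag_certutil_encode(events):
    """Return the source paths certutil was asked to encode. Each one is a file
    a responder can restore with certutil_decode instead of paying."""
    hits = []
    for ev in events:
        m = ENCODE_RE.search(ev)
        if m:
            hits.append(m.group("src"))
    return hits


if __name__ == "__main__":
    original = b"quarterly numbers\n" * 10
    encoded = certutil_encode(original)
    print("recognised as certutil output:", looks_certutil_encoded(encoded))
    print("round-trip ok:", certutil_decode(encoded) == original)
    for path in flag_certutil_encode(SAMPLE_EVENTS):
        print("certutil -encode applied to user file:", path)
```

The decode path is the practical point: if a response team finds files that open as text beginning with the BEGIN CERTIFICATE marker, running certutil -decode (or the function above) on them restores the originals, which is exactly why paying for a "decryption key" here buys nothing.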
Conclusion
The tactics used by this malware are nothing new; however, they illustrate how attackers trick victims into paying a ransom, even for files that cannot be recovered. Thus, a major step in dealing with the evolving and rapidly expanding ransomware landscape is to not pay the ransom. Organizations and individuals are advised to stay proactive, maintain a comprehensive backup system, and take precautionary measures to prevent ransomware attacks.