Researchers Find Three New Ransomware Strains: CryptFlle2, BrLock and MM Locker
Security researchers from Proofpoint announced yesterday that they had discovered three new ransomware families, called CryptFlle2, BrLock, and MM Locker.
These three new ransomware variants are part of a growing global trend that has seen ransomware explode in the past few months, with an ever-growing number of new families discovered each month.
CryptFIle2 appeared in the middle of March 2016, and Proofpoint says that crooks employed the Neutrino and Nuclear exploit kits to deliver the malware to their victims.
The ransowmare is very simplistic at this point, doesn’t use a payment or decryption service, and in order to recover their files, users have to contact the ransomware’s creator via email and negotiate a decryption price.
Researchers say that, based on the ransomware’s RSA-2048 encryption implementation, this might be another clone after the CryptoBoss ransomware.
The second piece of ransomware researchers discovered is named BrLock, was seen for the first time ten days ago, on April 18, and has only targeted Russian users until now.
The ransomware authors didn’t even bother to display the ransom note in an international currency, asking for 1,000 Rubles ($15) from the get-go. This small ransom price is also indicative of its geo-targeting since Russians usually won’t or don’t have the financial resources to pay ransomware ransom demands of $100-$400 as victims in Western countries do.
Luckily for them, this is only “screen locker” ransomware, and not crypto-ransomware, meaning it does not encrypt any files, and once you’ve found a way to remove the lock screen, you can continue using your computer.
This ransomware was discovered in early March, uses encryption to lock the users’ files, and appends the “.locked” extension to all encrypted files.
MM Locker’s particularity is its ransom note, which is quite a lengthy one and in which the ransomware’s operator tries to convince, quasi-begging the victim to pay.
Here is the paragraph where we say that “ransomware numbers are on the rise, and you should expect them to continue to grow.” But adding this to all our stories about ransomware got boring a few months ago. Oh, wait…