Defray Ransomware demands $5,000 from victims and asks them to back up their data

A new ransomware strain named Defray is targeting the health care, education, manufacturing and tech sectors in the US and UK. Defray is delivered through phishing emails customized for specific targets. The ransom demanded from its victims is $5,000 in bitcoins.

Defray first appeared on August 15 and is being spread through Microsoft Word document attachments in phishing emails. The first attacks used a malicious embedded OLE packager in a Word document that was sent to a hospital's IT director. Since then, a string of attacks has taken place, with authentic logos and letterheads attached to lure people into opening the email.

"The ransom note follows a recent trend of fairly high ransom demands in this case, $5000. However, the actors do provide email addresses so that victims can potentially negotiate a smaller ransom or ask questions, and even go so far as to recommend BitMessage as an alternative for receiving more timely responses. At the same time, they also recommend that organizations maintain offline backups to prevent future infections," Proofpoint researchers said in a blog.

The ransom note also had a message for the IT people who are likely to be tasked with dealing with this attack. The developers of the ransomware are particularly proud of themselves as the architecture of the ransomware cannot be unmade and different levels of encryption are used. It is primarily written in C++ and could pass several quality control tests.

The last note for users is to create an offline backup of your data until this issue has been resolved.

FAQ
Q
How many types of Ransomware are available?
A
Common types of ransomware are:

1. Locker Ransomware
2. Crypto Ransomware
3. Mac Ransomware
Q
Is Ransomware a Trojan?
A
Ransomware Trojans are a type of cyberware that is designed to extort money from a victim. Often, Ransomware will demand a payment in order to undo changes that the Trojan virus has made to the victim's computer.
Q
How does ransomware spread?
A
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. ... Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications.
Q
Why is Ransomware so effective?
A
The authors of ransomware instill fear and panic into their victims, causing them to click on a link or pay a ransom, and users' systems can become infected with additional malware. Ransomware displays intimidating messages similar to those below:

1. Your computer has been infected with a virus. Click here to resolve the issue.
2. Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.
3. All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.
Q
What is Ransomware?
A
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored.