The Kaspersky Lab Global and Analysis Team has analyzed a new version of the previously known Xpan ransomware, and has discovered a decryption method to help victims unlock their files. Using this method, the company’s experts have already helped several businesses to get their data back without needing to pay the ransom. Currently, the new version of the Xpan malware is attacking mostly Brazilian users.
Brazilian cybercriminals are focusing their efforts on re-using old ransomware families previously seen on the global stage. They use them for attacking small businesses and users that are too trusting. Kaspersky Lab researchers believe this is the next stage of the ransomware threat landscape: going from global scale attacks to a more localized scenario.
One such example is Xpan ransomware. In September 2016, Kaspersky Lab researchers analyzed its samples and developed a decryption tool. Harvesting victims via poorly protected RDP (remote desktop protocol) connections, criminals were manually installing the ransomware and encrypting any files they could find on the victim system.
In 2017, experts found new variants of the Xpan ransomware in Brazil. The new variants encrypt the victim’s files and change the original extension to “.one”. Technically, the malware is almost identical to previously known Xpan samples.
A decryption tool is available:
We are warning companies that get affected by this type of ransomware not to pay the ransom. It is possible to unlock your files for free. This time luck is on the victims’ side: after thorough investigation and reverse engineering of a sample “.one” version of Xpan, company experts have discovered that the criminals used a vulnerable cryptographic algorithm implementation. This has allowed Kaspersky Lab researchers to break the encryption, as with the previously described Xpan version. Using this method, the company’s experts have already helped a driving school and a dentist clinic in Brazil get their files back.
Victims of “.one” and original variants of Xpan can contact Kaspersky Lab technical support for decryption assistance.