News By Tag
News By Location
Welcome 2017 – eScan Alerts on Marlboro/Spora Ransomware
By: MicroWorld Technologies Inc
Marlboro Ransomware, encrypts the files and changes the extension to .oops and displays the message
!!! IMPORTANT INFORMATION!!!
Decrypting of your files is Possible is only with the private key and decrypt program, which is on our secret server.
To receive your private key you need to make payment to us.
After you make payment, run program called 'DecryptFiles' that is located on your Desktop and your Documents. Program will automatically decrypt all of your files !
If you try to decrypt files with another software your files can be forever lost.
How to buy decrypter?
1. You can make a payment with BitCoins , there are many methods to get them.
2. You Should The register BitCoin wallet (Simplest of online wallet some the OR OTHER Methods of Creating Company wallet).
3. Purchasing Bitcoins - Although it is not yet easy to buy bitcoins, it is getting simpler every day.Our Recommendations are Here• Localbitcoms.com (the WU) - the Buy Bitcoins with Western Hotel Union•Coincafe.com - Recommended for of fast, simple service,.• Localbitcoms.com - Service allows you to search for people in your community willing to sell bitcoins to you directly.CEX.IO • - with the Buy Bitcoins of VISA MASTERCARD or the Transfer-Wire•
4. of Post Send - 0.2 of BTC to the Bitcoin address: *****
5. you the make of After payment, the run program Called 'DecryptFiles' that is located on your Desktop and your Documents.Program will automatically decrypt all of your files !
Over here we have to note that the author claims to have implemented RSA and AES ciphers. However, the Ransomware author, had faked this message and was using XOR to encrypt the data and to make the matters worse used BOOST Library to do this task.
For a layman these terms are technical, however from programming point of view, even a skiddie with little bit of intelligence would write the XOR code himself, rather than relying on Boost library for this.
However, when we look into Spora Ransomware, it is quite evident from the first instance that its on the other side of the spectrum. Professionally coded, usage of AES and RSA, with the public keys being encrypted, the dashboard too showing elegance and to make the matters worse, Spora offers the victims immunity from further attacks if their demands are met.
Moreover, in recent weeks, we have observed that Ransomwares are now targeting Database Servers, especially the MongoDB and ElasticSearch Clusters. The criminals have not just realized the importance of these servers but have also found several insecure deployments.
Would Ransomware target vulnerable web-servers too?
For more information, visit www.escanav.com.
MicroWorld Technologies Inc
39555 Orchard Hill Place Suite 600 Novi, MI 48375
+1 248 374 5020