Discovered by Heimdal Security, the ransomware operates in the traditional sense, by encrypting all the data on the PC before demanding the ransom. But the difference lies in the details of the ransom note, which says that the hijacker of your system will donate the money to a children’s charity: “Many children will receive presents and medical help!”
Of course, the cyber criminals at work here fail to mention the name of this supposed charity, which could have made the claim look at least a little bit more convincing. Nevertheless, they attempt to play a sort of guilt card by adding, “we trust that you are kind and honest person! [sic]”
The ransom’s monetary demand is quite high, at five bitcoins, about $2,200. This is much more than the usual ransomware that targets individuals and asks for a couple hundred dollars.
Despite the fraudulent back story concocted by the note’s authors, Heimdal security specialist Andra Zaharia points out that the ransomware itself is “as serious as can be.”
“This new strain, which currently lacks an identifying name, reuses large parts of open-source malware code,” she said. “For example, this ransomware is a CryptoWall 4 variant and it also includes CryptXXX components.”
We’ve seen several high profile cases of ransomware lately, targeting businesses and individuals, and many have paid. The most notorious case recently was a California hospital that paid $17,000 to get its data back. These cases led the FBI to issue a new memo last week urging people not to pay criminals and to maintain backups.
This is just the latest form of ransomware to use fake charities or recent tragedies, which is not an entirely new method of attempting to lure in victims. During the Ebola epidemic in 2014, scammers used fake news stories about a cure to bring in clicks and deliver malware. Similarly, after the notorious Malaysia Airlines flight went missing, malware-laden websites popped up with phony news reports claiming the plane had been found.
