Thursday, January 27, 2022
ArchiveLock ransomware warning

New Ransomware Demands $5,000 from victims

Russian anti-virus company Doctor Web has issued a warning about an active ransomware campaign carried out through brute-force attacks over RDP against target machines.

Once connected to the victim’s PC, the cyber-criminals install a variant of the ArchiveLock Trojan, which uses the popular archiver WinRAR to encrypt all files located on the system.

“Trojan.ArchiveLock.20 creates a list of files to be encrypted, empties the Recycle Bin, and deletes all backups stored on the computer. The Trojan uses the console version of WinRAR to place files on the compiled list into password-protected, self-extracting archives and employs a special utility to delete original files, after which they simply can’t be restored,” researchers at Dr. Web explain in an article.

“A significant number of systems have now been compromised by the Trojan in Spain and France: over the past 48 hours, Doctor Web’s technical support has gotten dozens of requests from people whose files have been encrypted by Trojan.ArchiveLock.20, and such requests are still being received,” they added.
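Because the intrusion starts with RDP password guessing, the earliest place to catch it is the logon trail. The following is an added example, not code from the article or from Doctor Web: it flags a successful remote logon that follows a burst of failed ones from the same source. The event tuples, addresses, account names, threshold and window are constructed or assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security event IDs: failed / successful logon
REMOTE_TYPES = {3, 10}         # 10 = RemoteInteractive (RDP); 3 = Network, which is
                               # what failed RDP attempts show as when NLA is enabled
THRESHOLD = 5                  # assumed: failures from one source inside WINDOW
WINDOW = timedelta(minutes=5)  # assumed sliding window

# Constructed sample: (time, event ID, logon type, source IP, account).
SAMPLE_EVENTS = (
    # Old burst whose success comes 30 minutes later: outside the window.
    [(f"2022-01-27T01:00:{s:02d}", FAILED, 3, "192.0.2.9", "admin") for s in range(5)]
    + [("2022-01-27T01:30:00", SUCCESS, 10, "192.0.2.9", "admin")]
    # Six failures in 25 seconds, then a success: the pattern to alert on.
    + [(f"2022-01-27T02:10:{s:02d}", FAILED, 10, "203.0.113.7", "administrator")
       for s in range(0, 30, 5)]
    + [("2022-01-27T02:10:41", SUCCESS, 10, "203.0.113.7", "administrator"),
       # A user mistyping a password twice: below the threshold.
       ("2022-01-27T09:00:02", FAILED, 10, "198.51.100.20", "jdoe"),
       ("2022-01-27T09:00:09", FAILED, 10, "198.51.100.20", "jdoe"),
       ("2022-01-27T09:00:20", SUCCESS, 10, "198.51.100.20", "jdoe"),
       # Local console logon (type 2): not a remote logon, ignored.
       ("2022-01-27T09:05:00", SUCCESS, 2, "-", "jdoe")]
)


def find_bruteforce_then_logon(events, threshold=THRESHOLD, window=WINDOW):
    """Return (source_ip, account, time) for every successful remote logon that
    follows at least `threshold` failed remote logons from that source in `window`."""
    recent_failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in REMOTE_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        failures = recent_failures[src]
        while failures and when - failures[0] > window:
            failures.popleft()             # failure has aged out of the window
        if event_id == FAILED:
            failures.append(when)
        elif event_id == SUCCESS and len(failures) >= threshold:
            alerts.append((src, account, ts))
            failures.clear()               # one alert per burst
    return alerts


if __name__ == "__main__":
    for src, account, ts in find_bruteforce_then_logon(SAMPLE_EVENTS):
        print(f"{ts}: {account} logged on from {src} after repeated failures")
```

A hit from this check means the guessed credential worked, so it warrants isolating the host and resetting the account rather than only blocking the source address.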

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
