Recently, a new ransomware threat has emerged that targets the US health sector. Unlike most ransomware, which aims to spread as far and wide as possible, the threat discussed here is spreading only in the US and is aimed specifically at institutions and companies connected to the health sector.
Brand New Threat From The Ground Up
The file-encrypting malware goes by the name Defray Ransomware and could prove to be a particularly nasty threat. The name stems from the fact that Defray Ransomware's author has taken his time creating this Trojan. Unlike most cyber criminals, who take the shortcut of borrowing code and modules from existing threats, the creator of Defray Ransomware spared no effort: this ransomware appears to have been written from scratch. Although this obviously cost the crook far more time and work, it has made Defray Ransomware very difficult to break. Security experts have not encountered anything like it before and will therefore need significantly more time to poke and probe this malware before they can develop a decryption tool. That, of course, assumes they manage to break the encryption of Defray Ransomware at all.
The Ransomware Creator's Unique Methods
The creator of Defray Ransomware claims that there is no way to decrypt one's files without paying the ransom demanded. He states that he has used the AES-256 encryption algorithm in combination with RSA-2048. According to the same claim, the AES and RSA public keys are stored in a separate file that is itself protected with SHA-2, minimizing the chance that anyone will be able to recover the data required to decrypt the victim's files.
Propagation and Encryption
The propagation method employed by Defray Ransomware, however, is nothing new under the sun: a spam email campaign. The victim receives an email that at first glance looks legitimate and appears to contain a patient report. If the user falls for it and opens the attached file, Defray Ransomware drops its payload. In the absence of a strong anti-malware suite, Defray Ransomware continues its course and sets a chain of events in motion. First, the threat encrypts the files it targets. Upon completion, the victim is kindly informed of their situation in a ransom note dropped on their system. The note states that the decryption key needed to unlock their data will cost $5000, payable, as usual, in Bitcoin. This is a notably higher sum than most ransomware demands, which is usually a few hundred dollars. If the victim pays and the transaction succeeds, the ransom note urges the user to contact the creator of Defray Ransomware to receive the decryption key. Several email addresses are provided: firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org. The ransom note is named either HELP.TXT or FILES.TXT.
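The chain described above (attachment opened, a burst of file writes by one process, then a ransom note named HELP.TXT or FILES.TXT dropped) is the kind of sequence an endpoint detection rule can look for. The following is an added example written for this article, not code from the original post or from any vendor; it parses a constructed file-activity log in a simple "timestamp process action path" format (an assumed format, not a real product's log) and flags both a write burst and the creation of a ransom note. The process name payload.exe and all paths are constructed sample values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ransom note names reported for Defray (from the article).
RANSOM_NOTE_NAMES = {"HELP.TXT", "FILES.TXT"}

# Heuristic: one process writing this many distinct files ...
WRITE_THRESHOLD = 5
# ... inside this time window is treated as a suspicious burst.
WINDOW = timedelta(seconds=10)

# Assumed log line format: "<ISO timestamp> <process> <OPEN|CREATE|WRITE> <path>"
EVENT_RE = re.compile(r"^(\S+) (\S+) (OPEN|CREATE|WRITE) (.+)$")

# Constructed sample events, not a real capture: a user opens a "patient report"
# attachment, a spawned process overwrites several documents within seconds,
# then drops HELP.TXT. The later Outlook write is ordinary, unrelated activity.
SAMPLE_EVENTS = r"""
2017-08-22T09:14:01 WINWORD.EXE OPEN C:\Users\clinic\Downloads\patient_report.doc
2017-08-22T09:14:04 WINWORD.EXE WRITE C:\Users\clinic\AppData\Local\Temp\~WRD0001.tmp
2017-08-22T09:14:10 payload.exe WRITE C:\Users\clinic\Documents\intake_form.pdf
2017-08-22T09:14:11 payload.exe WRITE C:\Users\clinic\Documents\lab_results.xlsx
2017-08-22T09:14:11 payload.exe WRITE C:\Users\clinic\Documents\referral.docx
2017-08-22T09:14:12 payload.exe WRITE C:\Users\clinic\Pictures\xray_01.jpg
2017-08-22T09:14:13 payload.exe WRITE C:\Users\clinic\Pictures\xray_02.jpg
2017-08-22T09:14:15 payload.exe CREATE C:\Users\clinic\Documents\HELP.TXT
2017-08-22T09:20:00 OUTLOOK.EXE WRITE C:\Users\clinic\AppData\Local\Microsoft\Outlook\mailbox.ost
""".strip().splitlines()


def parse_event(line):
    """Return (timestamp, process, action, path) or None for unparseable lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, proc, action, path = m.groups()
    return datetime.fromisoformat(ts), proc, action, path


def basename_upper(path):
    """File name component of a Windows or POSIX path, upper-cased for matching."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].upper()


def analyze(lines):
    """Scan log lines and return a list of (finding_type, process, detail) tuples.

    Two detections are implemented:
      * ransom_note: a file named like a known ransom note is created
      * write_burst: one process writes >= WRITE_THRESHOLD distinct files within WINDOW
    """
    findings = []
    recent = defaultdict(deque)   # process -> deque of (timestamp, path) within WINDOW
    burst_reported = set()        # report each process's burst only once

    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        ts, proc, action, path = ev

        if action == "CREATE" and basename_upper(path) in RANSOM_NOTE_NAMES:
            findings.append(("ransom_note", proc, path))

        if action == "WRITE":
            window = recent[proc]
            window.append((ts, path))
            # Drop writes that fell out of the sliding window.
            while window and ts - window[0][0] > WINDOW:
                window.popleft()
            distinct = {p for _, p in window}
            if len(distinct) >= WRITE_THRESHOLD and proc not in burst_reported:
                burst_reported.add(proc)
                findings.append(
                    ("write_burst", proc, f"{len(distinct)} files in {int(WINDOW.total_seconds())}s")
                )
    return findings


if __name__ == "__main__":
    for kind, proc, detail in analyze(SAMPLE_EVENTS):
        print(f"{kind:12} {proc:14} {detail}")
```

Running the script on the constructed sample reports a write_burst for payload.exe followed by a ransom_note finding for HELP.TXT. The thresholds are deliberately low so the example is readable; in production the burst rule should be tuned against normal activity (backup agents, indexers and installers also write many files quickly), and the note-name rule is only a late indicator, since by the time HELP.TXT appears the encryption is already done.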
Security experts are unanimous on this: it is never advisable to pay the ransom demanded by the cyber crooks. They are not to be trusted and are likely to take your payment and leave you empty-handed; nothing forces them to uphold their part of the deal. Because of the aggressive nature of new ransomware threats, you should always make sure that you have installed a reputable anti-malware suite and have backed up your data on offline drives.