
New Wiper Malware Impersonates Security Researcher

A threat actor decided to make it personal with one of the security researchers who analyze malware. The attackers used their malware to attack the reputation of the researcher, Vitali Kremez.

Users discovered the situation when they were downloading software from crack sites and free software websites. The malware is ransomware that locks them out of their computers. Instead of the usual setup where a ransom is demanded, the infected PC displays a message. The message claims the computer was infected by Vitali Kremez and MalwareHunterTeam, both of whom are legitimate security researchers with no ties to the malware infection.

Hello, my name is Vitali Kremez. I infected your stupid PC. you idiot.
Write me in twitter @VK_intel if you want your computer back
If I do not answer, write my husband twitter.com/malwrhunterteam
To protect your ***ing computer in future install SentinelOne antivirus. I work here as head of labs.
Vitali Kremez Inc. () 2020

Another variant of the threat, called 'SentinelOne Labs Ransomware' in its message, is also being distributed. It targets Vitali Kremez and uses his contact information to push the blame for the infection onto the researcher. The note states the following:

~SentinelOne Labs Ransomware~
Your system was unprotected, so we locked down access to Windows.
You need to buy SentinelOne antivirus in orer to restore your computer.
My name is Vitali Kremez. Contacts are below.
Phone:
E-mail 1:
E-mail 2:
After you buy my antivirus I will send you unlock code.
Enter Unlock code:

MBR lockers replace the master boot record of a computer, which blocks the operating system from booting up. They usually display a ransom note or, in this case, a message by the authors of the malware.
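Because an MBR locker works by overwriting sector 0, a comparison of that sector against a known-good baseline exposes the change. The following is an added example, not code from the article or the researchers it names: the sector buffers and the baseline are constructed for illustration, and the checks follow the generic MBR layout rather than a sample of this malware.

```python
import hashlib
import re
import struct

SECTOR = 512
CODE_END = 440          # bytes 0..439 hold boot code; 440..443 is the per-disk signature
PT_OFFSET = 446         # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"  # required bytes at offsets 510..511

def parse_partitions(sector):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return parts

def inspect_mbr(sector, baseline_sha256):
    """Compare sector 0 with a known-good boot-code hash and list findings."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    code = sector[:CODE_END]
    findings = []
    if sector[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    if hashlib.sha256(code).hexdigest() != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not parse_partitions(sector):
        findings.append("partition table is empty")
    # Text embedded in the boot code is surfaced for the analyst, e.g. a lock-screen note.
    strings = [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{8,}", code)]
    return {"findings": findings, "strings": strings}

def build_sector(code, entries=b""):
    """Constructed test input: pad code and partition entries into one sector."""
    return code.ljust(PT_OFFSET, b"\x00") + entries.ljust(64, b"\x00") + BOOT_SIG

# Constructed samples, not taken from any real disk or malware sample.
NTFS_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1000000)
CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64, NTFS_ENTRY)
BASELINE = hashlib.sha256(CLEAN[:CODE_END]).hexdigest()
TAMPERED = build_sector(b"\xeb\xfe" + b"Enter Unlock code:")

if __name__ == "__main__":
    print(inspect_mbr(CLEAN, BASELINE))
    print(inspect_mbr(TAMPERED, BASELINE))
```

In practice the 512 bytes would come from a forensic image or a raw read of the first disk sector, and the baseline hash from a known-good build of the same operating system image.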

This kind of infection is seen in cases where blocking access to files is meant to make a profit without allowing the victim any control at all over the infected device, unlike more 'traditional' ransomware. For the moment, researchers have been unable to obtain a sample of the malware used to smear Vitali Kremez and MalwareHunterTeam.
