A new strain of ransomware is spreading that disguises itself as a legitimate Windows update. Researchers at cybersecurity firm Fortinet discovered the ransomware, which is being distributed via spam emails containing a malicious attachment. Once a victim downloads and runs the attachment, the ransomware disguises itself as a Windows Update dialog box. It then encrypts the victim’s files and demands payment in exchange for the decryption key.
The researchers at Fortinet have dubbed this new strain of ransomware ‘VXers’ because of the error message that is displayed after the victim’s files are encrypted: ‘Oops your files have been encrypted! If you see this then your files are no longer accessible because they have been encrypted. Do not panic, you can still recover your files. In order to decrypt your files, you need to purchase the special software – VX LOCK.’
This message is unusual in the world of ransomware. Most ransomware attacks use scary or threatening messages to force victims to pay, but the VXers ransomware appears to be taking a different tack. By reassuring victims that their files can still be recovered, the VXers attackers may be hoping that victims will be more willing to pay the ransom. However, as always, it is strongly advised that victims not pay the ransom, as there is no guarantee that the attackers will actually provide the decryption key after payment.
The researchers at Fortinet believe that the VXers ransomware is being distributed by the same group behind the Phorpiex botnet. The Phorpiex botnet has been around for several years and is used to distribute a variety of malware, including ransomware. It is unclear how many victims the VXers ransomware has claimed so far, but the Fortinet researchers warn that the distribution campaign is ongoing, and that the malware is likely to continue spreading for some time.
As always, it is important to be cautious when opening email attachments, even if they appear to come from a legitimate source. The best defense against ransomware is to maintain regular backups of important files, so that in the event of an attack, the victim can simply restore their files from a backup rather than paying the ransom.
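The article describes two on-disk symptoms of this campaign: a dropped ransom note with the quoted wording, and user files replaced by encrypted data. The following is an added, defender-side example (not Fortinet's tooling or anything from the campaign itself) that scans a directory for both. The note markers are taken from the text quoted above; the entropy threshold, minimum file size and the sample file names are assumptions made for illustration, and the sample tree is constructed in a temporary directory so the script runs offline.

```python
import math
import os
import tempfile
from collections import Counter

# Phrases taken from the ransom note quoted in the article.
RANSOM_NOTE_MARKERS = (
    "Oops your files have been encrypted",
    "VX LOCK",
)

# Heuristic (assumption): ciphertext and compressed data approach 8 bits of
# Shannon entropy per byte, while plain text and most office documents sit
# well below 7. Very small files give noisy estimates, so they are skipped.
ENTROPY_THRESHOLD = 7.5
MIN_SIZE = 256


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, estimated from the byte-frequency histogram."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def contains_ransom_note(data: bytes) -> bool:
    """True if the file body contains any of the quoted ransom-note phrases."""
    text = data.decode("utf-8", errors="ignore")
    return any(marker in text for marker in RANSOM_NOTE_MARKERS)


def scan_directory(root: str) -> dict:
    """Walk a tree and report ransom notes and suspiciously high-entropy files."""
    findings = {"ransom_notes": [], "high_entropy_files": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if contains_ransom_note(data):
                findings["ransom_notes"].append(path)
            elif len(data) >= MIN_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
                findings["high_entropy_files"].append(path)
    return findings


def build_sample_tree() -> str:
    """Constructed sample tree: a plain document, a ransom note, a pseudo-encrypted file.
    File names are invented for the demo; random bytes stand in for ciphertext."""
    root = tempfile.mkdtemp(prefix="vxers_demo_")
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("Quarterly report draft. " * 40)
    with open(os.path.join(root, "README_DECRYPT.txt"), "w") as fh:
        fh.write("Oops your files have been encrypted! ... purchase the special software - VX LOCK.")
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(os.urandom(8192))
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for category, paths in scan_directory(demo_root).items():
        print(category, paths)
```

The entropy check is deliberately a second-line signal: it also fires on legitimately compressed or encrypted files (archives, media, password-protected documents), so in practice it is most useful when many files under one user profile cross the threshold within a short window, or when it coincides with a dropped note.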