MalwareDisasters is a division of MalwareIntelligence. In the same test information is captured about the behavior of malicious code, and also offering the necessary countermeasures to mitigate the malicious actions in question.

9.03.2010

Campaign to disseminate russian ransomware

Updated 09/03/2010
S!Ri is doing a great job getting information needed to unlock this and other variants of ransomaware. Has kindly agreed to share with us their work by providing an update with new codes. Great job S!Ri and thank you very much for sharing data :)

Number to Call: 89654028569
Number to Call: 89654028703
Code to unlock Windows: !8912034'

Number to Call: 89654028578
Number to Call: 89654028597
Number to Call: 89654028594
Number to Call: 89654028566
Number to Call: 89654028563
Number to Call: 89654028583
Number to Call: 89654028725
Number to Call: 89654028717
Number to Call: 89654028703
Code to unlock Windows: (30958374)
 
Number to Call: 89654028562
Number to Call: 89654028563
Number to Call: 89654028590
Number to Call: 89654028595
Number to Call: 89654028598
Number to Call: 89654028578
Number to Call: 89654028614
Number to Call: 89654028723
Code to unlock Windows: ~2058205~

You can find more information about the type ransomware malware and rogue on his blog:

Original 09/02/2010
Every so often a new ransomware campaign designed to block access to the operating system by displaying a message which requests to send a text message SMS rate to a certain number, in theory, to receive a key to regain control access to the system.

SMS Ransomware
The window occupies the whole screen by closing access to any program. When you enter the correct password, the window disappears and the binary executable is self-eliminated.

The distribution of this ransomware is being carried out since late July and so far has more campaigns. All show the same message and design style, but change the phone number to be sent the text message. Some of the executables that are part of this campaign are:

The business of the offender is the percentage of money that is carried by each SMS that is recorded at these different numerical ranges, sent by the victims. The amount of money requested by the offender through the message to aspire to unlock access to the system is 400 rubles. That sum is expressed in Russian currency (рубль) and its equivalent in U.S. dollars is $ 13.


In all campaigns has appeared so far of this variant of ramsomware, provided the amount requested was 400 rubles.

Another peculiarity is that it belongs to the generation of ransom whose dissemination strategy is exploited using pornographic resources, either through websites or domains conditional content, using SEO strategies, are content with words that refer to the type of content referred to.

Countermeasures
Unlock the following codes:

89653625352
Unlock code: @34208923@

89653686497
Unlock code: 10779401

89653276574
Unlock code: 17661888

89652404438
Unlock code: !48950345!

89646283842
Unlock code: 10070000008000

89636385700
89636385707
89636385755
89636385675

Unlock code: $73747589$

89629911485
89629911932
89629911658
89629910152
89629910824
89629910747
89629910275
89629909846

Unlock code: 10200000000000003

89057635571
89055280410
89055280241

Unlock code: $73747589$

89055282108
Unlock code: ^77723094^

Related information

New Russian SMS ransomware In-the-Wild
SMS Ransomware porn template update
New variant of ransomware through porn sites IV
New variant of ransomware through porn sites III
New variant of ransomware through porn sites  II
New variant of ransomware through porn sites
Another very active SMS Ransomware
SMS Ransomware for Windows In-the-Wild

Jorge Mieres

1 comentarios:

S!Ri said...

Number to Call: 89654028578
MD5: 79009501426084A57B2A75E62A65C236

Number to Call: 89654028597
Number to Call: 89654028594
Number to Call: 89654028566
Number to Call: 89654028563
Number to Call: 89654028583
Number to Call: 89654028725
Number to Call: 89654028717
Number to Call: 89654028703
Code to unlock Windows: (30958374)

Post a Comment