BI.ZONE detects destructive ransomware attacks against Russian users
The victims are prompted to launch an executable and thus trigger file encryption on their computers. In a notable distinction from similar attacks, the perpetrators demand no ransom and offer no option to decrypt the affected files.
Presumably targeted via email, the victims receive two types of malicious files with nearly identical names,
Информирование зарегистрированных.exe and
Информирование зарегистрированных.hta (the words in Russian can be loosely translated as “Information for the registered”). The first of them contains a self‑extracting archive with two files:
LICENSE. The second initiates a background process to download
gUBmQx.exe from Zippyshare.
The Key Group ransomware encrypts data on hard disks, installs the group’s logo on the desktop, and opens a text message in English explaining the purpose of the attack: to destroy Russian computers. Further, the attackers ask to help their cause by sending money to their bitcoin wallet.
To protect your inbox from cyber threats, BI.ZONE experts recommend using specialized solutions that block spam and malicious messages.