Merry X-Mas Ransomware Campaign Is Underway

March 13, 2017


At first sight, the ransom Trojan called Merry X-Mas, or MRCR, is quite a run-of-the-mill sample. It encrypts the victim's personal files using a strong encryption algorithm and then demands a ransom to restore the hostage data. Upon closer scrutiny, though, this strain turns out to be a much more serious threat than it appears. It is accompanied by identity-stealing malware referred to as DiamondFox. This accompanying malware is capable of collecting a victim's passwords and other secret information and then exfiltrating these sensitive details to the criminals' server.

Although the distribution of the Merry X-Mas digital plague seems way overdue now that the Christmas theme isn’t relevant, it is on the rise and showing a potential to become more widespread. Moreover, the cyber crooks at the helm of this campaign have recently launched a new variant that appends the .merry extension to victims’ files. This edition also uses a new name for the ransom note, which is an application called Merry_I_Love_You_Bruce.hta.

According to the instructions that the infection provides, a compromised user needs to send his or her personal ID to or submit it to the criminals’ Telegram account @comodosecurity. The ID indicated in the ransom manual is unique to every victim and consists of 32 hexadecimal characters. More detailed decryption directions will be received in a personal message. There is a time restriction to pay up, usually five days. The attackers claim to erase the private decryption key after this period expires.
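The indicators named above (the .merry extension, the Merry_I_Love_You_Bruce.hta note and the 32-character hexadecimal ID) are enough for a first triage pass over a suspect file tree. The following is an added example, not code from the original article or from any vendor; it assumes the ID appears in the note as a standalone token readable in the default text encoding, and the sample tree it builds is constructed data.

```python
import os
import re
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".merry"                 # extension named in the article
NOTE_NAME = "Merry_I_Love_You_Bruce.hta"    # ransom note name from the article
# Assumption: the 32-hex-character victim ID is a standalone token in the note.
ID_RE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{32}(?![0-9A-Fa-f])")

def triage(root):
    """Walk root and collect the indicators the article describes."""
    report = {"encrypted": [], "notes": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                report["encrypted"].append(path)
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable note is still reported by path
                report["victim_ids"].update(m.lower() for m in ID_RE.findall(text))
    report["encrypted"].sort()
    report["notes"].sort()
    return report

def build_sample_tree(root):
    """Constructed sample data: two renamed files, one clean file, one note."""
    docs = Path(root) / "Documents"
    (docs / "tax").mkdir(parents=True)
    (docs / "report.docx.merry").write_bytes(b"\x00" * 16)
    (docs / "tax" / "2016.XLSX.MERRY").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("untouched file")
    (docs / NOTE_NAME).write_text(
        "<html><body>Your ID: 0123456789ABCDEF0123456789abcdef</body></html>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "files with", ENCRYPTED_SUFFIX)
        print("notes:", [str(p) for p in result["notes"]])
        print("victim IDs:", sorted(result["victim_ids"]))
```

The list of affected paths scopes what has to be restored from backup, and the extracted ID lets an incident record be tied to one infected host.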

Despite the fact that the .merry file extension virus is shaping up to be a high-severity crypto infection, there is hope when it comes to defeating it. The Emsisoft software vendor released a free decryptor for this version. However, the perpetrators keep fine-tuning their code so that decryption tools become useless. One way or another, prevention is so much better than cure. So be sure to maintain backups and stay away from email spam.
