96 Hours To Pay Up Or Spider Ransomware Deletes Your Files

A new form of ransomware has emerged and is being distributed through malicious Office documents, infecting victims with file-encrypting malware. Uncovered by researchers at Netskope, the 'Spider Virus' ransomware campaign was first detected on December 10 and is ongoing.

Like many ransomware schemes, the attack begins with malicious emails to potential victims. The email subjects and the lure documents indicate the attackers are keen on targeting victims in the Balkans. It's currently unknown where the attackers are operating from.

The malicious Microsoft Office attachment contains obfuscated macro code which, if macros are enabled, allows a PowerShell script to download the first stage of the ransomware payload from a host website. Following this, the PowerShell script decodes the Base64 string and performs operations to decode the final payloads into an .exe file, which contains the Spider ransomware encryptor.

PowerShell then launches the encryptor, encrypting the user's files, adding a '.spider' extension to them and then displaying a ransom note.
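As an added illustration (not from the Netskope research or the original article), the chain described above can be turned into a simple detection over endpoint telemetry: an Office process spawning PowerShell, followed by a burst of files written with the '.spider' extension by a descendant of that PowerShell process. The event format, process IDs, file paths, the placeholder encryptor name and the threshold of three files are all constructed assumptions.

```python
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
RANSOM_EXT = ".spider"  # extension named in the article
BURST = 3               # assumed threshold of renamed files per process

# Constructed sample events (simplified process-creation and file-creation records).
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": "WINWORD.EXE"},
    {"type": "proc", "pid": 300, "ppid": 200, "image": "powershell.exe"},
    {"type": "proc", "pid": 400, "ppid": 300, "image": "encryptor_placeholder.exe"},
    {"type": "file", "pid": 400, "path": r"C:\Users\a\report.docx.spider"},
    {"type": "file", "pid": 400, "path": r"C:\Users\a\budget.xlsx.spider"},
    {"type": "file", "pid": 400, "path": r"C:\Users\a\photo.jpg.spider"},
    {"type": "proc", "pid": 500, "ppid": 100, "image": "powershell.exe"},  # benign admin shell
    {"type": "file", "pid": 500, "path": r"C:\Users\a\notes.txt"},
]

def detect(events):
    """Return (alert_name, pid) tuples in the order they fire."""
    image, tainted, alerts = {}, set(), []
    hits = defaultdict(int)
    for ev in events:
        if ev["type"] == "proc":
            pid, ppid, name = ev["pid"], ev["ppid"], ev["image"].lower()
            image[pid] = name
            if name in SHELLS and image.get(ppid) in OFFICE:
                tainted.add(pid)  # macro-launched PowerShell
                alerts.append(("office_spawned_powershell", pid))
            elif ppid in tainted:
                tainted.add(pid)  # descendants inherit the taint
        elif ev["type"] == "file" and ev["path"].lower().endswith(RANSOM_EXT):
            hits[ev["pid"]] += 1
            if hits[ev["pid"]] == BURST:  # alert once per process
                kind = "spider_burst_from_macro_chain" if ev["pid"] in tainted else "spider_burst"
                alerts.append((kind, ev["pid"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first alert fires before any file is encrypted, which is the point at which containment is still cheap; the second confirms encryption is under way. PID reuse is ignored here for brevity.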

The note tells the victim they've been infected with the Spider Virus and that they need to make a bitcoin payment for "the right key" in order to get their files back. The attackers also issue a threat that if the payment isn't received within 96 hours, their files will be deleted permanently. They add that victims shouldn't "try anything stupid" as the ransomware has "security measures" which delete the files if the victim tries to retrieve them without paying the ransom.

An additional note provides the victim with instructions on how to download the Tor browser required to access the payment site, how to generate a decryption tool, and how to purchase bitcoin.

"This may seem complicated to you, actually it's really easy", the note says, adding that there's also a video tutorial inside a 'help section'. It's common for ransomware distributors to provide this sort of 'service' to victims, because if the victims can't pay the ransom, the criminals won't make money from their campaign. The Spider ransomware is still being distributed in what researchers refer to as a "mid-scale campaign".

As well as educating employees about the danger of ransomware and backing up critical files, businesses can protect themselves from becoming infected by Spider, and many other forms of file-encrypting malware, by removing macros, which are used as an attack vector.

"In addition to disabling macros by default, users must also be cautious of documents that only contain a message to enable macros to view the contents and also not to execute unsigned macros and macros from untrusted sources," said Netskope's Amit Malik.

Because Spider is a brand new form of ransomware, there's currently no free decryption tool available for victims to retrieve files.

ZD Net
