Satana & Zepto Ransomware
There is a new strain of ransomware emerging, called “Satana”. The reference is pretty clear: just remove the last “a” from the name. It is a hybrid of a classic file-encrypting virus and the “Petya” strain, which locks the Master Boot Record (MBR), i.e. it stops your PC from booting up.
This initially looks exactly like Petya, but with each encrypted file, Satana prepends their email address, like this: “firstname.lastname@example.org_filename.extension”.
As just mentioned, Satana also encrypts the MBR and replaces it with its own. When a user reboots their PC, Satana’s MBR boot code loads, and the only thing the machine will show is Satana’s ransom note in red on black.
The security researchers who discovered the new strain stated that it might be possible to recover the original MBR; however, that does not mean you can decrypt the files. Recovering the Master Boot Record via Windows’ cumbersome command-line interface is not for the faint-hearted.
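Because Satana overwrites the boot sector, a defender’s cheapest insurance is a known-good copy of the MBR taken while the machine is clean, plus a check that flags any change to the boot code or partition table. The following is an added example (not code from the original post or from any researcher it cites); it assumes the 512-byte sector has already been dumped to a file, and it uses constructed sample sectors so it runs offline.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, four partition entries and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446
        flag, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        partitions.append({"bootable": flag == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {"bootcode_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": partitions,
            "signature_ok": mbr[510:512] == BOOT_SIGNATURE}


def mbr_findings(current: bytes, baseline: bytes) -> list:
    """Compare a freshly read MBR with the known-good copy; return a list of findings."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["bootcode_sha256"] != base["bootcode_sha256"]:
        findings.append("boot code replaced")
    for i, (c, b) in enumerate(zip(cur["partitions"], base["partitions"])):
        if c != b:
            findings.append(f"partition entry {i} changed")
    return findings


def make_mbr(bootcode: bytes) -> bytes:
    """Constructed sample sector: given boot code, one bootable NTFS entry, valid signature."""
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return bootcode.ljust(446, b"\x00") + entry0 + b"\x00" * 48 + BOOT_SIGNATURE


CLEAN_MBR = make_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")     # constructed "clean" boot code
TAMPERED_MBR = make_mbr(b"RANSOM NOTE LOADER STUB")      # constructed replacement boot code

if __name__ == "__main__":
    print(mbr_findings(CLEAN_MBR, CLEAN_MBR))      # []
    print(mbr_findings(TAMPERED_MBR, CLEAN_MBR))   # ['boot code replaced']
```

On a real system the baseline would be the first 512 bytes of the boot disk saved to removable media, and the check run from a clean environment rather than from the infected OS.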
According to the researchers, the code looks like a work in progress, i.e. it is still in beta and the developers are still working on it. As more information comes out I’ll do my best to keep you informed; this virus is going to cause some damage once it is distributed in the volumes Zepto is seeing at the moment.
What’s Zepto? I hear you cry!
The New Zepto Is A Kleptomaniac version of Locky.
The Zepto strain is a nasty piece of work. It is spewing out spam messages at an alarming rate and looks very much like Locky, which in itself could be really bad news: it may come from the same cyber mafia, and these guys are very sophisticated and know exactly how to make money.
The Locky strain of ransomware, which we alerted you about a few months back, is a nasty enough piece of malware and, as yet, remains unbroken. It has netted the authors of the Nuclear exploit kit £8 million in revenue from 1.8 million attacks cast over one month; monthly income for the developers sits around £100,000.
Cisco’s Talos researchers are particularly concerned that the new Zepto will move into exploit kits and that attackers will then move on from spam to other distribution methods, such as malvertising, and drive-by downloads from websites.