InsaneCrypt ransomware spotted in the wild.
Description
The SonicWall Capture Labs Threat Research Team observed reports of a new
variant family of InsaneCrypt Ransomware [InsaneCrypt.RSM] actively spreading in the wild.
InsaneCrypt encrypts the victim's files with a strong encryption algorithm and
replaces the partition table of the system drive in some manner, and demands
that the victim pay a fee to get them back.
Infection Cycle:
The Malware adds the following files to the system:
Once the computer is compromised, the Malware starts searching for document
files.
The Malware overwrites the computer's partition table to prevent victims from
recovering their system drive:
The Malware uses the following public key for its own encryption:
Malware.exe encrypts all files and appends the .Insane extension to each
encrypted file's filename.
After the Malware encrypts all personal documents, it generates a text file
containing a message stating that the computer has been encrypted and telling
the victim to contact its developer for unlock instructions.
After our analysis we have noticed that the Malware does not provide a way
to input a key or UID to restore the partition table. It is currently
unclear whether InsaneCrypt is yet another wiper masquerading as ransomware
or if it is just poorly coded malware.
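For triage of an affected machine, the following added example (not SonicWall's code and not part of the original analysis) runs a structural sanity check on the first sector of a forensic disk image to help judge whether the partition table has been overwritten. It assumes an MBR-partitioned disk; the function names and sample sectors are constructed for illustration.

```python
import struct

TABLE_OFFSET = 446      # four 16-byte partition entries start at this offset
BOOT_SIG = b"\x55\xaa"  # last two bytes of a valid MBR sector

def build_sample(entries):
    """Constructed test sector; entries are (status, type, lba_start, count)."""
    table = b"".join(struct.pack("<B3xB3xII", s, t, l, c) for s, t, l, c in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + BOOT_SIG

def check_mbr(sector0, disk_sectors):
    """Return a list of problems in an MBR partition table (empty list = looks sane)."""
    if len(sector0) != 512:
        return ["expected exactly 512 bytes"]
    problems, used = [], []
    if sector0[510:512] != BOOT_SIG:
        problems.append("boot signature 0x55AA missing")
    for i in range(4):
        entry = sector0[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        if entry == bytes(16):
            continue  # unused slot
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            problems.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype == 0 or count == 0:
            problems.append(f"entry {i}: non-empty slot with zero type or length")
        elif lba_start == 0 or lba_start + count > disk_sectors:
            problems.append(f"entry {i}: extent outside disk")
        else:
            used.append((lba_start, lba_start + count, i))
    used.sort()
    for (s1, e1, a), (s2, e2, b) in zip(used, used[1:]):
        if s2 < e1:
            problems.append(f"entries {a} and {b} overlap")
    if not used:
        problems.append("no valid partitions defined")
    return problems

if __name__ == "__main__":
    # Constructed samples: one intact table, one zero-filled sector.
    intact = build_sample([(0x80, 0x07, 2048, 1_000_000)])
    print(check_mbr(intact, 2_000_000))
    print(check_mbr(bytes(512), 2_000_000))
```

On a GPT disk the first sector holds only a single protective entry of type 0xEE, so a clean result there says nothing about the GPT header and entry array, which need their own check.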
SonicWALL Gateway AntiVirus provides protection against this threat via the
following signature: