Personalized ransomware: requires victims to use credit or debit cards to pay ransom, with full personality ransom

Personalized ransomware: requires victims to use credit or debit cards to pay ransom, with full personality ransom

Last week, security researchers recently discovered ransomware that encrypts files of victims and redirects victims to an online page, pay a ransom on the page to unlock the encrypted file.

This was similar to the usual form of ransomware, but most specifically, the ransomware required victims to pay by credit or debit card.

This ransomware is named MindLost, but Microsoft has detected it as Paggalangrypt. This ransomware is a minority of ransomware that use a specific extension, it can scan all files stored on the device (txt, c, jpg, mp3, mp4, pdf, png, and py ), but it does not include Windows, Program Files, and Program Files (x86.

According to security researchers, the ransomware seems to be actively distributed, and more importantly, it is still under development because MindLost consumes a lot of time to scan files, however, the final encrypted file is only from the "C: \ Users" folder.

Program. enc.

After the encryption is completed, MindLost downloads an image containing the recovery file method on the remote server and sets it as the desktop wallpaper of the computer. MindLost also sets a registry key to ensure that the computer can run its executable files after each restart.

In addition, researchers have noticed that there are a large number of errors in the MindLost ransomware code, such as the binary file path containing the name of the person (which cannot be guaranteed to be the name of the ransomware Developer ). The researchers also warned that currently MindLost is likely to be in the development stage, but the impact may be further increased after it completes development, users who intend to pay a ransom by credit or debit card may suffer secondary harm.