The Fallout Exploit Kit, which was seen distributing GandCrab ransomware last month, was discovered this week distributing a new ransomware called SAVEfiles.
Security researcher Kafeine spotted it; it is being distributed through malvertising campaigns.
According to reports the campaign has been targeting countries like Japan, France and others.
In this attack the user's browser is sent through a number of redirects until it reaches the website hosting the Fallout Exploit Kit.
Once there, the exploit kit automatically downloads and executes the SAVEfiles ransomware on the victim's machine, with no further action from the user.
Once installed, the ransomware starts encrypting the user's files and appends a .SAVEfiles extension to each encrypted file.
The ransomware also creates a ransom note named !!!SAVE__FILES__INFO!!!.txt in each folder it encrypts.
In the ransom note, the victim is asked to make contact by e-mail, quoting the personal ID given in the note. The contact addresses given in the ransom note are BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch and firstname.lastname@example.org.
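The three on-disk indicators above (the .SAVEfiles extension, the !!!SAVE__FILES__INFO!!!.txt note in every encrypted folder, and the Bitmessage contact address inside the note) are enough for a first triage of a suspected infection. The script below is an added example written for this page, not code from the researcher or the article; it walks a directory tree, collects those indicators, and builds a small constructed sample tree so it can run offline. The sample file names and the note text are made up for the demonstration; the real note's wording is not given in the article.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article: encrypted files get this extension and a
# ransom note with this name is dropped in every folder the ransomware encrypts.
ENCRYPTED_EXT = ".SAVEfiles"
RANSOM_NOTE_NAME = "!!!SAVE__FILES__INFO!!!.txt"
# Contact address quoted in the article's description of the ransom note.
KNOWN_CONTACT = "BM-2cXonzj9ovn5qdX2MrwMK4j3qCquXBKo4h@bitmessage.ch"


def scan_for_savefiles(root):
    """Walk `root` and collect SAVEfiles indicators.

    Returns a dict with the encrypted files, the ransom notes, the set of
    directories holding at least one indicator, and the notes whose text
    contains the known contact address (a stronger match than the name alone).
    """
    findings = {
        "encrypted_files": [],
        "ransom_notes": [],
        "affected_dirs": set(),
        "notes_with_known_contact": [],
    }
    for dirpath, _dirnames, filenames in os.walk(Path(root)):
        for name in filenames:
            path = Path(dirpath) / name
            # Case-sensitive on purpose: the article gives the extension as
            # exactly ".SAVEfiles", so a strict match avoids false positives.
            if name.endswith(ENCRYPTED_EXT):
                findings["encrypted_files"].append(path)
                findings["affected_dirs"].add(Path(dirpath))
            elif name == RANSOM_NOTE_NAME:
                findings["ransom_notes"].append(path)
                findings["affected_dirs"].add(Path(dirpath))
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    continue  # unreadable note: still counted as an indicator
                if KNOWN_CONTACT in text:
                    findings["notes_with_known_contact"].append(path)
    return findings


def summarize(findings):
    """Reduce the findings to the counts an incident handler reports first."""
    return {
        "encrypted_files": len(findings["encrypted_files"]),
        "ransom_notes": len(findings["ransom_notes"]),
        "affected_dirs": len(findings["affected_dirs"]),
        "notes_with_known_contact": len(findings["notes_with_known_contact"]),
    }


def build_sample_tree():
    """Create a constructed directory tree that mimics a partial infection.

    Two folders are 'encrypted' (renamed files plus a note), one is clean.
    Only one of the two notes contains the known contact, to show that the
    content check is independent of the file-name check.
    """
    root = Path(tempfile.mkdtemp(prefix="savefiles_demo_"))
    docs = root / "Documents"
    pics = root / "Pictures"
    clean = root / "Clean"
    for d in (docs, pics, clean):
        d.mkdir()
    (docs / "report.docx.SAVEfiles").write_bytes(b"\x00" * 64)   # constructed
    (docs / "budget.xlsx.SAVEfiles").write_bytes(b"\x00" * 64)   # constructed
    (docs / RANSOM_NOTE_NAME).write_text(
        "Your files are encrypted.\nContact: " + KNOWN_CONTACT + "\n"
    )  # constructed note text, not the real note
    (pics / "holiday.jpg.SAVEfiles").write_bytes(b"\x00" * 64)  # constructed
    (pics / RANSOM_NOTE_NAME).write_text("Your files are encrypted.\n")
    (clean / "readme.txt").write_text("nothing to see here\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    result = scan_for_savefiles(sample_root)
    print(summarize(result))
    for d in sorted(result["affected_dirs"]):
        print("affected:", d)
```

Run it against a real mount point (read-only, and ideally on a forensic image rather than the live host) to get the blast radius before deciding what to restore from backup; the affected-directory set is usually the most useful output because it maps directly onto what the backup job needs to cover.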
Last month, security researchers discovered the Fallout Exploit Kit distributing GandCrab ransomware through malvertising campaigns.
That campaign targeted users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region.
Always follow these basic instructions to protect yourself from any ransomware attack:
- Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline
- Maintain updated Antivirus software for all systems
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through the browser.
- Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up to date with the latest patches. Against a drive-by campaign like this one this is the control that matters most: an exploit kit can only run code without any click from the user if the browser or one of its plugins is unpatched.