Ransomware is a threat that continues to grow in popularity with cybercriminals due to its success rate and monetary potential. In past blogs such as Rampant Ransomware, we have discussed different ransomware variants and techniques. Now we have encountered yet another new variant, identified as Trojan.Ransomlock.K.
While finding a new ransomware variant is no real surprise, during analysis we found an active command-and-control (C&C) server login used by the threat.
Figure 1. Silent Locker Control Panel login
After further analysis and research, we identified a control panel known as the Silent Locker Control Panel, which is freely available for download on the Internet and is being used in conjunction with the Trojan.Ransomlock.K threat.
Figure 2. Silent Locker Control Panel
The Silent Locker Control Panel, while in Russian, has capabilities similar to other control panels we have seen in the past used in conjunction with malware such as Trojan.Zbot and Trojan.Spyeye. The opening screen, seen in Figure 2 above, is used for tracking the number of successful infections.
Figure 3. Silent Locker Control Panel billing
The screen seen in Figure 3 above is used for tracking billing details such as country and date.