------------------------------------------Important Blog Update!!!!!!!--------------------------------------------
EXPLOIT/MALWARE ALERT
This is breaking news from the Awesome Uno Management Center in ITGeeks HQ. I have just received news that a new way of delivering malware to your PC has been discovered. More info as follows:
Beware of emails appearing to come from Google warning you that “Your version of Google Chrome is potentially vulnerable and out of date”.
In this latest spam wave, cyber crooks are tricking users into downloading the well-known browser, except that what they get is a dangerous Trojan that will encrypt your personal files and demand a hefty ransom to decrypt them. The ransomware is called CTB-Locker and it's deadly.
The payload is not attached to the email but instead gets downloaded from various websites that appear to have been compromised.
One particular domain appears to serve as the dynamic redirection mechanism:
assetdigitalmarketing.com/redirect.php
It then directs the user to one of the following sites where the fake installer is hosted:
hxxp://www.thelastxmas.com/ChromeSetup.exe
hxxp://www.baddadsclub.com/ChromeSetup.exe
hxxp://cognacbrown.co.uk/ChromeSetup.exe
hxxp://www.geordie.land/ChromeSetup.exe
hxxp://www.goodtobeloved.com/ChromeSetup.exe
Running “ChromeSetup.exe” will not install Google Chrome. Instead, the Windows wallpaper will change to this:
The bad guys demand a ransom that can be paid using Bitcoins:
Malwarebytes Anti-Malware detects this ransomware as Trojan.ZBAgent.NS and will eradicate it.
The problem with ransomware is that while the active Trojans can be removed, it is much more difficult and sometimes impossible to recover the encrypted files.
The folks at BleepingComputer have some tips on how to restore your encrypted files. However, as is often the case, prevention is critical to avoid a nasty ransomware infection.
Social engineering remains a powerful technique for tricking people into running programs they shouldn’t. As a rule of thumb, you should only download files from the vendor's official website rather than from some unknown site.
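To turn the indicators listed above and the "official website only" rule into something a defender can actually run, here is an added example (not from the original post) that scans proxy log lines for the redirector and for a ChromeSetup.exe fetched from anywhere other than an allow-list of Google hosts. The log format, the sample lines, the allow-list and the dl.google.com path are all constructed assumptions for this example.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the alert above (the redirect host and the installer
# filename); the legitimate host list is an assumption for this example.
REDIRECT_HOST = "assetdigitalmarketing.com"
LURE_FILENAME = "chromesetup.exe"
OFFICIAL_CHROME_HOSTS = ("dl.google.com", "www.google.com")  # assumed allow-list

# Constructed proxy log lines in a simple "time client method url status" format.
SAMPLE_LOG = """\
2015-02-20T10:01:02Z 10.0.0.5 GET http://www.google.com/chrome/ 200
2015-02-20T10:01:09Z 10.0.0.5 GET http://assetdigitalmarketing.com/redirect.php?id=7 302
2015-02-20T10:01:10Z 10.0.0.5 GET http://www.thelastxmas.com/ChromeSetup.exe 200
2015-02-20T10:05:44Z 10.0.0.9 GET https://dl.google.com/chrome/install/ChromeSetup.exe 200
2015-02-20T10:07:00Z 10.0.0.12 GET http://www.geordie.land/news.html 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def classify_request(url):
    """Return a finding label for one URL, or None if it looks benign."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    path = parsed.path.lower()
    if host == REDIRECT_HOST and path.endswith("/redirect.php"):
        return "redirector"
    if path.endswith("/" + LURE_FILENAME) and host not in OFFICIAL_CHROME_HOSTS:
        return "fake-installer"
    return None

def scan_log(text):
    """Parse log lines and return (client, url, label) for each suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        _ts, client, _method, url, _status = m.groups()
        label = classify_request(url)
        if label:
            findings.append((client, url, label))
    return findings

if __name__ == "__main__":
    for client, url, label in scan_log(SAMPLE_LOG):
        print(f"{label:15} {client:10} {url}")
```

Feeding real proxy logs through scan_log gives you the client that hit the redirector and then pulled the fake installer, which is the host to isolate first.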
Further reading:
“Crypto Ransomware” CTB-Locker (Critroni.A) on the rise | MalwareDontNeedCoffee