New Malware Variant Hits With Ransomware or Cryptomining

A new variant of old malware scans a system before deciding just how to administer pain.

Dark Reading Staff, Dark Reading

July 6, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Labs. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant does a search of files on the victim's system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency.

Researchers identified a new variant of the remote execution downloader that queries the victim's system on a number of factors, from the existence of Bitcoin storage to the presence of certain virtual machine managers, before downloading either an encryption payload or one that begins mining Monero coins.

So far, the vast majority (over 95%) of those targeted by the new variant have been in the Russian Federation, with smaller numbers of victims in Kazakhstan, Ukraine, Germany, and India.

For more, read here.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights