News broke overnight that , a new variant of the HC7 Ransomware is in the wild that encrypts a victim’s files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts the Ethereum cryptocurrency as a ransom payment. Andy Norton, Director of Threat Intelligence at Lastline commented below.
Andy Norton, Director of Threat Intelligence at Lastline:
“The monopoly of bitcoin as a criminal payment currency is over. Famously the shadow brokers led the way specifying ZCash as their platform, but additionally we have tracked a huge trend towards Monero by cybercriminals as a mining payload and now as a ransomware payment option. Cybercriminals are probably offering multiple options for a few reasons. Firstly, they expect more people to have a bitcoin wallet, making it easier for them to pay, and secondly they expect Ethereum and Monero to rise more sharply than bitcoin. There has been 1 transaction into the bitcoin wallet specified ( 14waKKzAEQbTmM1Wyfax2N1cgjJbHjhH7J ). However, it’s not just Ethereum; We have seen Aero, FantomCoin and Monero all being used in malware payloads. It also looks likely a Brazilian insurance company has been impacted with a related .RQUILT extension instead of .planetary”