Following the news about the recent variants of the “Merry Christmas” ransomware, also known as Merry X-Mas, are also dropping the DiamondFox malware on infected computers, which is used by the ransomware’s operators to collect data from infected hosts, such as passwords, sensitive files, and others. Travis Smith, Senior Security Research Engineer at Tripwire commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“Creating malware can be like walking down an exploit buffet line. Being able to reuse code is done every day by software engineers all over the world, cyber criminals are no different. If the people behind a malware campaign are looking to make a few extra bucks, adding in a ransomware component would be trivial.
It’s important to know that when you pay a ransom, the only “guarantee” is that the decryption key to your files will be provided. There are no instances of ransomware noted which says it will remove any other malware. Restoring access to files, by paying the ransom or not, is just the first step in responding to ransomware. Understanding where and how the malware got in can not only protect against future infections, but also open the opportunity to completely eradicate the malware from the environment.”