New Payday BTCware Ransomware Variant Released

By ISBuzz Team, Writer, Information Security Buzz | Oct 17, 2017 05:00 am PST

News broke this morning that a new variant of the BTCware ransomware is currently targeting victims and appending the .[email]-id-id.payday extension to encrypted files. This family of ransomware reaches its victims by breaking into poorly protected Remote Desktop services and installing the ransomware manually. Marco Cova, Senior Security Researcher at Lastline, and Fraser Kyne, EMEA CTO at Bromium, commented below.
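A defender's first question with a variant like this is how to spot the renamed files quickly. The following is an added example (not code from the article or from either vendor quoted) that checks file names against the .[email]-id-id.payday pattern described above and tallies hits per victim id; the exact bracket and id layout is assumed from the page's description, and the sample paths are constructed.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Assumed layout of the extension the article describes: ".[email]-id-id.payday".
# The bracketed contact address and the victim id are treated as per-victim
# placeholders; this is an assumption drawn from the page, not a published spec.
PAYDAY_EXT = re.compile(
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]-id-(?P<victim_id>[A-Za-z0-9]+)\.payday$",
    re.IGNORECASE,
)


class Hit(NamedTuple):
    path: str           # full path as observed
    original_name: str  # path with the ransomware suffix stripped
    email: str          # contact address embedded in the extension
    victim_id: str      # per-victim identifier embedded in the extension


def match_payday(path: str) -> Optional[Hit]:
    """Return a Hit if the file name carries the .payday marker, else None."""
    m = PAYDAY_EXT.search(path)
    if not m:
        return None
    return Hit(path, path[: m.start()], m.group("email"), m.group("victim_id"))


def summarize(paths: List[str]) -> Dict[str, int]:
    """Count encrypted files per victim id; one id spread across many files
    from one share is the signal that an interactive intrusion has started."""
    counts: Counter = Counter()
    for p in paths:
        hit = match_payday(p)
        if hit:
            counts[hit.victim_id] += 1
    return dict(counts)


# Constructed sample listing: two victims' suffixed files plus decoys that
# merely contain the word "payday" or no suffix at all.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.[contact@example.test]-id-A1B2C3.payday",
    r"C:\Users\alice\Documents\notes.txt.[contact@example.test]-id-A1B2C3.PAYDAY",
    r"C:\Users\alice\Documents\payday_schedule.docx",
    r"\\fileserver\share\holiday.jpg.[other@example.test]-id-ZZ99.payday",
    r"\\fileserver\share\readme.txt",
]

if __name__ == "__main__":
    for hit in filter(None, map(match_payday, SAMPLE_PATHS)):
        print(f"{hit.original_name} -> victim {hit.victim_id} via {hit.email}")
    print(summarize(SAMPLE_PATHS))
```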

Marco Cova, Senior Security Researcher at Lastline:

“This is yet another entry for the ever-expanding ransomware zoo. The sample itself does not appear too interesting in itself: for example, it requires manual interaction via email with the attackers to decrypt files and it requests payment in bitcoin, just like a score of similar tools. What is interesting is that criminals continue to resort to pretty standard ransomware attacks like this: this clearly is an indication that such attacks are still effective and profitable for the criminals running them.”


Fraser Kyne, EMEA CTO at Bromium:

“Malware writers are opportunistic – and will take advantage of a lack of good security hygiene to find such vulnerabilities. However, the more scary truth is that even if you’re careful, diligent and fully patched you’re still not properly protected.

“Despite the overwhelming evidence that current approaches are failing, the industry’s response continues to be more of the same, and ransomware variants will continue to find new ways in. If we keep trying ‘next gen’ then we will just get faster at failing – we need something completely new.

“The inherent failing in security today is that ‘detect to protect’ is fundamentally flawed. Detecting ransomware once it has already hit the endpoint is pointless; the damage is done. This is why businesses need to focus on protection – let the ransomware come through, but isolate and contain it in a virtual environment, so that the hacker has nowhere to go and no data to exfiltrate. Only by accepting ransomware as a part of life, and limiting the damage and profits that can be made by it, will we start to see any turning of the tide.”