live casino online

The activity of this year and there seems to be no signs of it stopping. The popularity of the open-source ransomware continues to encourage the development of more dangerous versions of the original, which cybercriminals are using in attacks that are growing more sophisticated.

The two newcomers are tagged with the names CryMore (detected by live casino online as Ransom_HIDDENTEARCRYMORE.A) and R4bb0l0ck (Ransom_HIDDENTEARRABLOCK.A).

CryMore targets a range of common file types except for .jar, .exe, .vbs, .dll,.lnk, and .encrypt, and encrypts these files using the AES encryption algorithm.The variant arrives as a Win32 EXE file, and is written in Microsoft Intermediate Language (MSIL). The ransom note demands Bitcoin payment in exchange for a decrypt key, but doesn¡¯t specify the amount.

Figure 1. CryMore ransom note

R4bb0l0ck features a ransom note written in Dutch language. Translated to English, the note warns the victim that ¡°it will be too late¡± if the victim doesn¡¯t send an email to the provided address within an hour after encryption. The Hidden Tear variant, which arrives as a PDF document, also demands that the victim meets other conditions, such as having privileges on an account indicated in an email, and being given ¡°5,000 crowns¡± and ¡°5,000 diamonds¡± using the same account.

Figure 2. R4bb0lock ransom note

Hidden Tear isn¡¯t the only ransomware to inspire cybercriminals to launch new attacks based on the original code of other ransomware. Last week, a new member of the family emerged in the form of The Dark Encryptor (detected by live casino online as Ransom_DARKENCRYPTOR.A). The variant was found in the wild with a typical image of Jigsaw plastered across its ransom note. Encrypting targeted files with a so-called military grade algorithm, the ransomware asks victims to pay US$100 in exchange for a decrypt key. The note also threatens to raise the ransom to $350 if payment is not made within five days.