A new ransomware strain has recently surfaced, targeting victims with a deceptive tactic. This malicious software pretends to be a secure storage system for SpriteCoin, a non-existent cryptocurrency, in an attempt to fool users. However, instead of providing any legitimate service, the ransomware encrypts the victim’s files and demands payment in Monero, a type of cryptocurrency known for its privacy features.
According to researchers at Fortinet FortiGuard Labs, the ransomware presents itself as a wallet for SpriteCoin and prompts the user to create a password. Despite claiming to be a storage mechanism, the malware does not actually function as such. Instead, it encrypts the user’s files covertly and demands a ransom in Monero. If the ransom is paid, an additional malware component is deployed during the decryption process. This secondary malware is capable of harvesting certificates, parsing images, and even activating the victim’s web camera, posing a serious threat to the user’s privacy and security.
The ransomware's initial executable is built with evasion in mind and displays a typical ransom note informing the victim that their files have been encrypted. The ransom demand is set at 0.3 Monero, equivalent to approximately $105 at the current exchange rate. Fortinet researchers found that the malware uses an embedded SQLite engine to store harvested credentials: it first targets Chrome credentials and, if that fails, moves on to Firefox credentials. Targeted files are then encrypted and renamed with an appended extension, for example “resume.doc.encrypted.”
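The appended “.encrypted” extension is the most visible host-level trace of the behaviour described above. The following Python script is an added example for this article (not Fortinet's code and not derived from the malware) showing how a defender could flag it: it parses constructed file-creation log lines in an assumed `timestamp pid=… event=… path=…` format, recognises the double-extension pattern (original extension followed by `.encrypted`), and alerts when one process produces a burst of such files within a short window. The log lines, the PIDs and the threshold are all constructed assumptions.

```python
"""Flag ransomware-style renames: files given an appended '.encrypted' extension.

Added example for this article, not Fortinet's or the malware's code. It scans
constructed file-creation log lines for names matching the double-extension
pattern the article describes (e.g. "resume.doc.encrypted") and raises an
alert when a single process creates more than a threshold number of such files
within a sliding time window.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real telemetry). Assumed format:
# "<ISO timestamp> pid=<pid> event=<event> path=<path>"
SAMPLE_LOG = """\
2024-01-10T10:00:01 pid=4242 event=create path=C:\\Users\\amy\\Documents\\resume.doc.encrypted
2024-01-10T10:00:01 pid=4242 event=create path=C:\\Users\\amy\\Documents\\budget.xlsx.encrypted
2024-01-10T10:00:02 pid=4242 event=create path=C:\\Users\\amy\\Pictures\\cat.jpg.encrypted
2024-01-10T10:00:02 pid=4242 event=create path=C:\\Users\\amy\\Documents\\notes.txt.encrypted
2024-01-10T10:00:03 pid=4242 event=create path=C:\\Users\\amy\\Desktop\\wallet_readme.txt
2024-01-10T10:05:00 pid=1337 event=create path=C:\\Users\\amy\\Downloads\\setup.exe
2024-01-10T10:06:00 pid=1337 event=create path=C:\\Users\\amy\\Documents\\report.pdf.encrypted
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) event=(?P<event>\w+) path=(?P<path>.+)$"
)
# Matches "<name>.<original ext>.encrypted": an extension appended to an
# existing one, which is the rename pattern the article describes.
ENCRYPTED_RE = re.compile(r"^.+\.[A-Za-z0-9]{1,5}\.encrypted$", re.IGNORECASE)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "pid": int(m.group("pid")),
        "event": m.group("event"),
        "path": m.group("path"),
    }


def is_encrypted_name(path):
    """True if the file name carries an appended '.encrypted' extension."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(ENCRYPTED_RE.match(name))


def find_burst_writers(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {pid: count} for processes that created at least `threshold`
    '.encrypted' files within any sliding window of length `window`."""
    per_pid = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev["event"] == "create" and is_encrypted_name(ev["path"]):
            per_pid[ev["pid"]].append(ev["ts"])

    alerts = {}
    for pid, stamps in per_pid.items():
        stamps.sort()
        best = 0
        start = 0
        # Sliding window: advance `start` until the window fits, track the
        # largest number of events seen inside any single window.
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[pid] = best
    return alerts


if __name__ == "__main__":
    for pid, n in find_burst_writers(SAMPLE_LOG).items():
        print(f"ALERT pid={pid}: {n} '.encrypted' files created within 60s")
```

Run on the constructed log, only pid 4242 is reported (four renames within two seconds); the single `.encrypted` file from pid 1337 stays below the threshold, and plain files such as `wallet_readme.txt` are ignored. The burst threshold is what separates bulk encryption from a user legitimately saving one file with an unusual extension; in a real deployment the value and the window would be tuned to the environment's normal file-write rate.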
The choice of Monero as the demanded ransom payment represents a departure from the more commonly used Bitcoin in the ransomware landscape. This shift highlights the evolving tactics of ransomware authors, who are capitalizing on the popularity and hype surrounding cryptocurrencies.
To mitigate the impact of ransomware attacks, users should back up their files regularly and keep the backups offline on separate devices. Storing backups in more than one location helps ensure that data remains accessible even if a ransomware attack succeeds. User awareness and training also play a crucial role in preventing malware infections. Fortinet recommends that companies implement a formal security training program for employees, conducting sessions at least once a quarter to educate personnel on cybersecurity best practices.
By staying vigilant and implementing proactive security measures, users can protect themselves against the growing threat of ransomware attacks. Awareness, education, and robust backup strategies are key to safeguarding valuable data and preventing cyber threats from causing irreparable harm.