There is no relief in sight from new strains of ransomware. One new strain, dubbed the Spider virus, was discovered by researchers at Netskope on December 10, 2017, and continues to attack victims to date.
To deliver the Spider virus, attackers send potential victims malicious emails containing a Microsoft Office attachment that includes macros. If the attachment is opened and the macros are enabled, the user unknowingly downloads the ransomware onto the system.
The ransomware encrypts the user’s files, adds a “spider” extension to them, and then displays the ransom note, which tells the victim in bold red letters on a black backdrop that they have been “INFECTED WITH FILE SPIDER VIRUS”. The message goes on to tell the user that “Original content of your files are wiped and overwritten with encrypted data so it cannot be recovered using any conventional data recovery tool.”
The user is then told that in order to get the key to decrypt the files, they must visit the intruder’s website, which provides instructions on how to download the Tor browser, how to pay the ransom in bitcoin, and how to generate the decryption tool. The attackers even provide a tutorial video to assist victims. The kicker? All of this must be done within 96 hours. Otherwise, the files will be deleted.
This new ransomware reinforces three points: how important it is to educate users so that ransomware is never introduced into the system, how important backups of critical files are for business operations, and how important it is to disable macros by default.
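
As an added illustration of the macro-attachment vector and the disable-macros advice above (not code from Netskope or from the original article), this Python example shows how a mail filter could flag Office attachments that carry a VBA project before a user ever sees the "enable macros" prompt. The function names, verdict labels and sample files are constructed for the example.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.docm/...) container


def classify(data: bytes) -> str:
    """Return 'macro', 'review' or 'pass' for one attachment's bytes."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return "review"  # claims to be a ZIP container but cannot be parsed
        # OOXML documents store their VBA project in a part named vbaProject.bin
        if any(m.endswith("vbaproject.bin") for m in members):
            return "macro"
        return "pass"
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros cannot be ruled out without parsing OLE
        return "review"
    return "pass"  # not an Office container; other filters apply


def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def triage(attachments: dict) -> dict:
    """Map each attachment name to its verdict."""
    return {name: classify(data) for name, data in attachments.items()}


if __name__ == "__main__":
    inbox = {  # constructed sample attachments
        "invoice.docm": make_sample(True),
        "notes.docx": make_sample(False),
        "old_report.doc": OLE_MAGIC + b"\x00" * 16,
    }
    for name, verdict in triage(inbox).items():
        print(f"{name}: {verdict}")
```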