A new form of ransomware known as TrueCrypter has boldly designated Amazon gift cards as a viable option by which victims can pay their ransom fees.
Bizarrely, however, victims need pay nothing at all – as simply pressing “Pay” without submitting any payment information results in encrypted files being automatically recovered.
First detected by Jakub Kroustek, a reverse engineer and malware analyst at AVG, TrueCrypter is for the most part a run-of-the-mill ransomware sample.
Lawrence Abrams of Bleeping Computer explains that when TrueCrypter is first installed, it checks to see it is running in Sandboxie. If not, it looks for “antilogger,” “wireshark,” “fiddler,” and other processes that are known to be associated with security software. If it finds any of those processes are running, it will try to kill them. Otherwise it will simply crash, for there is no error handling.
Original Source: Graham Cluley’s Blog
View the full story here