Since most of us started working from home due to the Covid-19 virus outbreak, malware and ransomware attacks have increased multi-fold. Most such ransomware attacks encrypt user files and demand payment in exchange for the decryption key. Now, a new ransomware strain is making the rounds that, along with encrypting the files, also locks the user out of their computer completely.
According to a report by TechRadar, the new strain of the REvil ransomware has been adapted by the group Sodinokibi to encrypt the files on your computer while also changing your Windows 10 login passwords.
The new strain changes the login passwords and puts the system into Safe Mode, where only core Windows system services are allowed to run. Regular safety mechanisms like anti-virus software or any user-deployed data protection methods are not functional in Safe Mode. Taking advantage of this limited functionality, the malware carries out its encryption process unhindered before the user is able to reboot the machine.
The report claims that the new reworked strain of the REvil ransomware automates the rebooting process by changing the user password to “DTrump4ever.” This eliminates the need for the malware to wait for the user to manually reboot into Safe Mode, thus guaranteeing that the PC will be compromised using this method.
As of now, it is unknown whether new samples of the REvil ransomware continue to use the DTrump4ever password.
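Because later samples may not reuse that password, detection is better keyed on the behaviour described above: a password change paired with a Safe Mode boot setting on the same host. The sketch below is an added example, not taken from the TechRadar report; it assumes Windows Security events 4723/4724 (password change/reset) and 4688 (process creation with command-line auditing enabled) exported as dictionaries, and that Safe Mode is requested through a `bcdedit` `safeboot` setting. The field names and sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Field names are assumptions
# standing in for whatever a SIEM exports from the Windows Security log.
SAMPLE_EVENTS = [
    {"ts": "2021-04-01T09:00:05", "host": "WS-014", "event_id": 4724,
     "target_user": "alice"},
    {"ts": "2021-04-01T09:00:41", "host": "WS-014", "event_id": 4688,
     "command_line": "bcdedit /set {current} safeboot network"},
    {"ts": "2021-04-01T09:30:00", "host": "WS-022", "event_id": 4724,
     "target_user": "bob"},                      # helpdesk reset, no boot change
    {"ts": "2021-04-01T08:00:00", "host": "WS-031", "event_id": 4688,
     "command_line": "bcdedit /set {default} safeboot minimal"},
    {"ts": "2021-04-01T11:00:00", "host": "WS-031", "event_id": 4724,
     "target_user": "carol"},                    # too far apart to correlate
]

PASSWORD_EVENT_IDS = {4723, 4724}   # password change / reset attempts
PROCESS_CREATE_ID = 4688            # needs command-line auditing enabled
SAFEBOOT_RE = re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.IGNORECASE)


def classify(event):
    """Return 'password', 'safeboot' or None for a single event."""
    if event["event_id"] in PASSWORD_EVENT_IDS:
        return "password"
    if (event["event_id"] == PROCESS_CREATE_ID
            and SAFEBOOT_RE.search(event.get("command_line", ""))):
        return "safeboot"
    return None


def find_safe_mode_lockouts(events, window=timedelta(minutes=10)):
    """Hosts where a password change and a Safe Mode boot setting occur
    within `window` of each other, in either order."""
    seen = {}      # host -> {kind: [timestamps]}
    alerts = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = classify(ev)
        if kind is None:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        other = "safeboot" if kind == "password" else "password"
        host = seen.setdefault(ev["host"], {"password": [], "safeboot": []})
        if any(abs(ts - prev) <= window for prev in host[other]):
            alerts.add(ev["host"])
        host[kind].append(ts)
    return sorted(alerts)
```

On the constructed events only `WS-014` is flagged: the helpdesk-style reset on `WS-022` has no boot change, and the two events on `WS-031` fall outside the ten-minute window.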
Apart from this, Sodinokibi has also announced that they will perform DDoS attacks on victims and email victims’ business partners about stolen data if a ransom is not paid.