
This new ransomware locks you out of your PC and encrypts your data

A new strain of the REvil ransomware has been adapted by the group Sodinokibi to encrypt your files and change your Windows 10 login passwords.




Since most of us started working from home due to the Covid-19 outbreak, malware and ransomware attacks have increased multifold. Most such ransomware attacks encrypt user files and demand payment in exchange for the decryption key. Now, a new ransomware strain is making the rounds that, along with encrypting files, also locks the user out of their computer completely.

According to a report by TechRadar, the new strain of the REvil ransomware has been adapted by the group Sodinokibi to encrypt the files on your computer while also changing your Windows 10 login passwords.

The new strain changes the login passwords and puts the system into Safe Mode, where only core Windows system services are allowed to run. Regular safety mechanisms such as antivirus software or any user-deployed data protection methods are not functional in Safe Mode. Taking advantage of this limited functionality, the malware carries out its encryption process unhindered before the user is able to reboot the machine.

The report claims that the reworked strain of the REvil ransomware automates the rebooting process by changing the user password to “DTrump4ever.” This removes the need for the malware to wait for the user to manually reboot into Safe Mode, thus guaranteeing that the PC will be compromised using this method.

As of now, it is unknown whether new samples of the REvil ransomware continue to use the DTrump4ever password.
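Because the password may differ between samples, detection is better keyed on the behaviour described above than on the password string. The following is an added defender-side example, not code from the TechRadar report or any vendor tool: it correlates a password change on a host with a process that sets the Safe Mode boot option. It assumes Windows Security events 4723/4724 and 4688 (with command-line auditing enabled) are collected; the event records, host names and field layout are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident). The dict layout is a
# simplified, hypothetical export of Windows Security log records:
# 4723/4724 = account password change/reset attempt, 4688 = process creation
# (the command line is only present when command-line auditing is enabled).
EVENTS = [
    {"time": "2021-04-09T10:00:05", "host": "WS-01", "id": 4724, "target": "alice", "cmd": ""},
    {"time": "2021-04-09T10:00:09", "host": "WS-01", "id": 4688, "target": "",
     "cmd": "bcdedit /set {current} safeboot network"},
    {"time": "2021-04-09T11:30:00", "host": "WS-02", "id": 4724, "target": "bob", "cmd": ""},
    {"time": "2021-04-09T15:45:00", "host": "WS-03", "id": 4688, "target": "",
     "cmd": "bcdedit /enum {current}"},
    {"time": "2021-04-09T16:00:00", "host": "WS-04", "id": 4688, "target": "",
     "cmd": "bcdedit.exe /set {default} safeboot minimal"},
    {"time": "2021-04-09T18:00:00", "host": "WS-04", "id": 4723, "target": "carol", "cmd": ""},
]

# A command line that sets (not merely lists) the safeboot boot option.
SAFEBOOT_SET = re.compile(r"\bbcdedit(\.exe)?\b.*/set\b.*\bsafeboot\b", re.IGNORECASE)

def correlate(events, window=timedelta(minutes=10)):
    """Return alerts for hosts where a password change and a safeboot change
    occur within `window` of each other, in either order."""
    resets, safeboots = {}, {}
    for ev in events:
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] in (4723, 4724):
            resets.setdefault(ev["host"], []).append((ts, ev["target"]))
        elif ev["id"] == 4688 and SAFEBOOT_SET.search(ev["cmd"]):
            safeboots.setdefault(ev["host"], []).append((ts, ev["cmd"]))
    alerts = []
    for host, boots in safeboots.items():
        for boot_ts, cmd in boots:
            for reset_ts, account in resets.get(host, []):
                gap = abs(boot_ts - reset_ts)
                if gap <= window:
                    alerts.append({"host": host, "account": account,
                                   "safeboot_cmd": cmd,
                                   "gap_seconds": int(gap.total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Either signal alone is common in normal administration; the short window between the two on the same host is what makes the pair worth triaging.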

Apart from this, Sodinokibi has also announced that it will perform DDoS attacks on victims and email victims’ business partners about stolen data if a ransom is not paid.

  • Published Date: April 9, 2021 1:48 PM IST