NUEVO RANSOMWARE MOLE QUE PASAMOS A CONTROLAR CON ELISTARA. AÑADE .MOLE EN LUGAR DE LA EXTENSIÓN Y EN LUGAR DEL NOMBRE PONE 32 DIGITOS HEXADECIMALES

Es una nueva familia de ransomwares que pasamos a controlar a partir del ELISTARA 36.66 de hoy.

– NO queda residente. (es de acción directa)
– Codifica ficheros cambiándoles el nombre (respetanto %WinDir%)

El preanalisis de virustotal ofrece el siguiente informe:
MD5 48460c1f75469995a67349fe0766f776
SHA1 7231c635ee7623977c79f8a44a77384a4ff4536f
Tamaño del fichero 88.0 KB ( 90112 bytes )
SHA256:
648eb39a5e77af2e2069e196a5709a93e81b29c74dbe2fa4ead4440e0f535e97
Nombre:
48460c1f.exe
Detecciones:
49 / 62
Fecha de análisis:
2017-04-19 13:11:22 UTC ( hace 0 minutos )

total es el siguiente:

El mensaje que ofrece en los ordenadores afectados dice:

” All your important files were encrypted on this computer.
You can verify this by click on see files an try open them.
Encryption was produced using unique public key RSA-1024 generated for this computer.
To decrypted files, you need to obtain private key.
The single copy of the private key, with will allow you to decrypt the files, is locate on a secret server on the internet.
The server will destroy the key within 78 hours after encryption completed.
To retrieve the private key, you need to Contact us by email , send us an email your DECRYPT-ID-7270f3e3-3058-4944-9c9d-f27a4778e055 number
and wait for further instructions.
For you to be sure, that we can decrypt your files – you can send us a single encrypted file and we will send you back it in a decrypted form.
Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
E-MAILS ADRESS:
oceanm@engineer.com
oceanm@india.com”

Dicha versión del ELISTARA 36.66 que lo detecta y elimina, estará disponible en nuestra web a partir del 19-4 prox.

saludos

ms, 19-4-2017