New Strain of Ransomware Dubbed PXJ Discovered
By Aneesh A S
Researchers from IBM X-Force warn of a new malware strain called PXJ ransomware, which first emerged in early 2020. The new ransomware, which affects Windows operating systems, performs the functions common to ransomware, though it does not appear to share the same underlying code with most other ransomware strains.
The researchers spotted the ransomware for the first time on February 29, when two samples were uploaded to the site VirusTotal. Only one of the two samples analyzed was found to be packed using the open-source executable packer UPX. The ransomware gets its name, ‘PXJ’, from the file extension that it appends to the encrypted files.
The initial infection vector of the ransomware is yet to be determined.
First, the ransomware disables the user’s ability to recover any files from deleted stores. It empties the Recycle Bin and then executes a series of commands that prevent the recovery of data that has been encrypted. It does this by deleting the volume shadow copies, which are used to create backup copies in Windows, and also by disabling the Windows Error Recovery service.
It then begins encrypting the victim’s files, including images, databases, documents and videos, among other files. Both the AES and RSA algorithms are used to encrypt the data.
After the encryption process is complete, the ransomware drops the ransom note into a file called “LOOK.txt”, which advises the victim to contact the attacker via email to receive information on how to pay the ransom with the popular cryptocurrency Bitcoin.
The ransom will double every day after the first three days if victims do not pay. The attackers also threaten their victims that after a week, the decryption key will be destroyed, making it impossible to recover the encrypted files.
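The behaviours described above can be combined into a simple host triage rule. The following Python sketch is an added example, not code from IBM X-Force or the original article; the event schema, host names and the generic command-line patterns are assumptions, since the article names only the PXJ extension and the LOOK.txt note.

```python
import re
from collections import defaultdict

# Generic recovery-inhibition command lines. These are assumptions: the
# article does not list the exact commands PXJ executes.
RECOVERY = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no\b", re.I),
}
# File indicators the article does name: the PXJ extension and LOOK.txt.
FILES = {
    "pxj_extension": re.compile(r"\.pxj$", re.I),
    "ransom_note": re.compile(r"(^|[\\/])LOOK\.txt$", re.I),
}

def classify(event):
    """Return the names of all signals that a single event matches."""
    table = RECOVERY if event["type"] == "process" else FILES
    return {name for name, rx in table.items() if rx.search(event["value"])}

def triage(events):
    """Map each host to 'alert', 'review' or 'clean' from its combined signals."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]] |= classify(ev)
    verdicts = {}
    for host, signals in seen.items():
        recovery, files = signals & set(RECOVERY), signals & set(FILES)
        # Both categories on one host -> alert; one category alone -> review.
        verdicts[host] = ("alert" if recovery and files
                          else "review" if recovery or files else "clean")
    return verdicts

# Constructed sample telemetry (hypothetical hosts, paths and schema).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "process", "value": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "WS-01", "type": "process", "value": "bcdedit /set {default} recoveryenabled no"},
    {"host": "WS-01", "type": "file", "value": r"C:\Users\a\Documents\report.docx.pxj"},
    {"host": "WS-01", "type": "file", "value": r"C:\Users\a\Desktop\LOOK.txt"},
    {"host": "SRV-02", "type": "process", "value": "vssadmin delete shadows /for=D: /oldest"},
    {"host": "WS-03", "type": "process", "value": "vssadmin list shadows"},
    {"host": "WS-03", "type": "file", "value": r"C:\Temp\OUTLOOK.txt"},
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, verdict)
```

Requiring both a recovery-inhibition command and a file indicator keeps routine shadow-copy maintenance (SRV-02) at "review", and the path-anchored note pattern avoids matching unrelated names such as OUTLOOK.txt.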
Ransomware has become a common business for cybercriminals. It keeps evolving every day with new abilities, and cybercriminals earn millions of dollars from their victims.