LovxCrypt: Cylance reports new ransomware variant

The security company Cylance has reported a new variant of the CrypVault ransomware, which first surfaced in April 2015. The attacks described with LovxCrypt use an email attachment that purports to be an applicant's curriculum vitae. Such a distribution method, even if it is no longer original, can evidently still cause infections in enterprises.


As a new variant, LovxCrypt also runs counter to the current trend of increasingly complex ransomware. CrypVault was already based simply on Windows scripting languages. For cybercriminals, it is therefore relatively easy to create new variants through minor changes to the code. “As usual, we see attackers who want to pick low-hanging fruit with a little simple code to make a quick buck,” commented the Cylance threat guidance team in a blog post.

LovxCrypt arrives by spam email in an attached ZIP archive that contains a file with the .CHM extension. This is a Microsoft format for Windows Help files. CHM files are themselves compressed archives that can in turn contain various files. Double-clicking a CHM file can run JavaScript, VBScript and a PowerShell script. Because this happens outside the browser, essential security precautions for scripts do not apply, which explains the popularity of this format among malware authors.
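As an added example (not from Cylance or the original article), a mail-gateway style check for the delivery method described above: it flags CHM files inside a ZIP attachment by extension and by the `ITSF` signature that CHM files start with, so a renamed or nested CHM is still reported. The function names, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

CHM_MAGIC = b"ITSF"               # compiled HTML Help files start with these bytes
MAX_DEPTH = 2                     # assumed limit for nested archives
MAX_NESTED_SIZE = 10 * 1024 ** 2  # assumed cap on a nested ZIP read into memory

def find_chm_members(zip_bytes, depth=0, prefix=""):
    """Return (path, reason) for each CHM-like member of a ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return findings           # not a ZIP: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            head = b""
            if not info.flag_bits & 0x1:   # encrypted members cannot be read
                with archive.open(info) as member:
                    head = member.read(4)
            if head == CHM_MAGIC:
                findings.append((path, "ITSF signature"))
            elif info.filename.lower().endswith(".chm"):
                findings.append((path, "extension only"))
            elif (head == b"PK\x03\x04" and depth < MAX_DEPTH
                  and info.file_size <= MAX_NESTED_SIZE):
                findings += find_chm_members(archive.read(info), depth + 1, path + "!")
    return findings

def build_sample():
    """Constructed sample: stub CHM headers only, not real help files."""
    stub = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 16
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("docs/resume.pdf", stub)          # CHM renamed to .pdf
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("CV_applicant.chm", stub)
        z.writestr("cover_letter.txt", b"Dear Sir or Madam")
        z.writestr("more.zip", inner.getvalue())     # nested archive
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in find_chm_members(build_sample()):
        print(f"flag: {path} ({reason})")
```

Encrypted members are reported on extension alone, because their content cannot be inspected without the password.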

As in the earlier CrypVault, the key component is a Windows batch file that controls all of the malware's activities. This includes configuring the GnuPG environment used to encrypt all important files on the victim's computer. According to Cylance, the batch file is also written as a kind of spaghetti code that complicates analysis. It even includes random strings that have nothing to do with the code's task. They are there only to avoid detection by conventional antivirus signatures.

After encryption, the ransomware creates a ransom demand. The encrypted files are now given the .LOVX extension, and each click on one of them presents the victim with the blackmailer's explanation that a key is needed to decrypt the files.

“As we have shown, it is easy to create a functioning and effective ransomware such as LovxCrypt solely by combining scripting languages with well-known encryption tools such as GnuPG,” the security experts conclude their analysis. “We expect to see even more of them.”

Cylance offers a “next-generation” malware protection product, Protect, based on machine learning. Protect was accordingly trained with the “DNA markers of one billion known malicious and one billion known harmless files”. Previous investments value the company at one billion dollars. Competitors, however, have accused the security firm of using fake malware to advertise to customers and of preventing independent testing.

