LockCrypt Ransomware Spreading via RDP Brute-Force Attacks [source: alienvault]
by CIRT Team
We previously reported on SamSam ransomware charging high ransoms for infected servers. But SamSam isn’t the only ransomware out there charging eye-watering amounts to decrypt business servers.
Initial reports of a new variant of ransomware called LockCrypt started in June of this year. In October we saw an increase in infections.
LockCrypt doesn’t have heavy code overlaps with other ransomware. We’ve seen evidence that the attackers likely started out with easier-to-deploy “ransomware as a service” before re-investing in their own ransomware.
We have seen small businesses infected with LockCrypt in the US, UK, South Africa, India and the Philippines.
For more, click here.