2017 has just begin and with that a new wave of ransomware has emerged. Two of the extreme cases of new variants have been discovered by researchers, Spora for one is one of the most sophisticated variant, while Marlboro is the epitome of immaturity.
Marlboro Ransomware, encrypts the files and changes the extension to .oops and displays the message.
Over here we have to note that the author claims to have implemented RSA and AES ciphers. However, the Ransomware author, had faked this message and was using XOR to encrypt the data and to make the matters worse used BOOST Library to do this task.
For a layman these terms are technical, however from programming point of view, even a skiddie with little bit of intelligence would write the XOR code himself, rather than relying on Boost library for this.
However, when we look into Spora Ransomware, it is quite evident from the first instance that it’s on the other side of the spectrum. Professionally coded, usage of AES and RSA, with the public keys being encrypted, the dashboard too showing elegance and to make the matters worse, Spora offers the victims immunity from further attacks if their demands are met.
Moreover, in recent weeks, we have observed that Ransomwares are now targeting Database Servers, especially the MongoDB and ElasticSearch Clusters.