Security Alerts & News
by Tymoteusz A. Góral

#1025 MIRCOP crypto-ransomware channels Guy Fawkes, claims to be the victim instead
Ransomware behavior has been the talk of the town. We have seen oddly long ransom payment deadlines from GOOPIC, password stealing capabilities from RAA, chat support from the latest JIGSAW variant, and all these are just incidents discovered this June. But among these new behaviors, we came across a unique behavior in MIRCOP crypto-ransomware.

Detected as RANSOM_MIRCOP.A, MIRCOP places the blame on users and does not give victims instructions on how to pay the ransom. In fact, it assumes that victims already know how to pay them back.

The emphasis on paying them back implies that the victims already know whom to pay. The whole note, which displays a hooded figure in a Guy Fawkes mask, suggests that victims may have “stolen” from a notorious hacktivist group and threatens further action if the victims are unable to pay.

MIRCOP demands that users pay a ransom of 48.48 bitcoins (US$ 28,730.70 as of June 23, 2016), which is among the highest demands we have seen. At the end of the note, the author leaves a bitcoin address. Unlike other ransom notes, which instruct victims step by step on how to make the payment, MIRCOP's note assumes that the victim is familiar with making bitcoin transactions. We checked the address and, as of this writing, no payments have been made.