Newly-discovered data extortion marketplace Industrial Spy
has entered the ransomware game, with MalwareHunterTeam discovering a new Industrial Spy malware sample containing a ransom note, reports BleepingComputer
Industrial Spy has claimed in the ransom note that victims' data were not only stolen but also encrypted, as well as threatened the complete loss of data should victims seek to retrieve stolen data. Victims of Industrial Spy were also warned to communicate with attackers within three days to avoid having their data published on the Industrial Spy Market website. BleepingComputer confirmed that while the new Industrial Spy malware sample shared by MalwareHunterTeam has file encryption capabilities, encrypted files are not given a new extension. The Industrial Spy malware also seemingly leverages DES encryption, as well as utilizes a 0xFEEDBEEF filemaker, which is unique among ransomware strains, according to ransomware expert Michael Gillespie. Industrial Spy has also been associated by MalwareHunterTeam to the Cuba ransomware operation, based on the ransom note's TOX ID and email address.