While it holds your files hostage, the newly discovered ransomware FireCrypt also directs your computer to perform a poor man's distributed denial of service (DDoS) attack by continuously connecting to a specifically targeted URL and repeatedly downloading junk content into a temporary folder.
The presently targeted URL, which is hardcoded into FireCrypt's source code, belongs to the Pakistan Telecommunication Authority. However, it is unlikely that the ransomware is causing the agency's website much disruption: "The crook would have to infect thousands of victims before launching a DDoS attack large enough to cause any problems to the Authority's website," according to a BleepingComputer report on Wednesday.
Discovered by MalwareHunterTeam on Jan. 4, FireCrypt appears to be a rebranded version of a identified discovered ransomware called Deadly for a Good Purpose. Featuring malicious executables disguised as PDFs and Word documents, the malware encrypts 20 different file types with an AES-256 algorithm. Based on the example provided in the report, the malware requests a ransom of $500 in Bitcoins.
A joint analysis conducted by MalwareHunterTeam and BleepingComputer determined that FireCrypt samples are developed with the aid of a ransomware building kit. According to the report, the malware author uses a command-line application called BleedGreen to automate the creation of FireCrypt samples and efficiently modify basic settings as needed.
New ransomware threats continue to emerge at an alarming rate, prompting the need for more effective solutions. According to a January 2017 report from research firm MarketsandMarkets, the ransomware protection market is expected to grow from $8.16 billion in 2016 to $17.36 billion by the year 2021.
