HDDCryptor ransomware uses legit, off-the-shelf software

HDDCryptor is a ransomware variant with a couple of new twists that make it an effective tool for cybercriminals, a Trend Micro study found.

HDDCryptor, detected as Ransom_HDDCRYPTOR.A, uses a combination of legitimate and illegitimate tools to lock up not only a PC, but any attached storage drive, wrote Trend researchers Stephen Hilt and William Gamazo Sanchez. Two of the legal pieces of software used are Netpass and DiskCryptor. The former grabs all network passwords stored on the system, which are then used to grab and encrypt networked folders, and the latter encrypts the files.

“It also uses DiskCryptor to overwrite the Master Boot Record (MBR) and adds a modified bootloader to display its ransom note, instead of the machine's normal log-in screen,” the researchers said, adding that the DiskCryptor version used is two years old, but still quite effective.

What Trend found particularly interesting is how easy this malware was to put together by simply using some off-the-shelf, legal tools.
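
A defensive check for the MBR overwrite described above, as an added example that is not from Trend Micro's report or the original article: it compares a disk's first sector against a known-good copy and reports a changed boot code area, partition table or boot signature. The function names and the sample sectors are constructed for illustration; reading the sector from a disk or image is left to the caller.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 446           # bytes 0..445: bootstrap code area (incl. disk signature)
TABLE_END = 510               # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR sector into the fields worth monitoring."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for off in range(BOOT_CODE_END, TABLE_END, 16):
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append((status, ptype, lba_start, count))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
    }


def mbr_findings(baseline: bytes, current: bytes) -> list:
    """Compare the current sector with a known-good copy taken earlier."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if not new["signature_ok"]:
        findings.append("boot signature missing")
    return findings


def build_sector(boot_code: bytes, entry: bytes) -> bytes:
    """Constructed sample data: one partition entry, padded to 512 bytes."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    table = entry.ljust(TABLE_END - BOOT_CODE_END, b"\x00")
    return code + table + BOOT_SIGNATURE


# Constructed sectors, not taken from any real disk or malware sample.
NTFS_ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 1_000_000)
BASELINE = build_sector(b"\xfa\x33\xc0" + b"\x90" * 64, NTFS_ENTRY)
MODIFIED = build_sector(b"\xeb\x3c" + b"\x41" * 128, NTFS_ENTRY)
```

A replaced bootloader that leaves the partition table intact yields only "boot code changed", as `mbr_findings(BASELINE, MODIFIED)` shows; the baseline copy has to be stored off the monitored machine for the comparison to mean anything.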
