The scourge of ransomware is not only growing; the primary targets of attacks are shifting as well.
According to a new study from Endgame, ransomware was formerly focused on larger, high-value targets such as hospitals, but two updates in the latest version of the notorious TeslaCrypt illustrate that it is not only spreading more widely but also evolving with new capabilities.
A new iteration of the TeslaCrypt ransomware is targeting a number of new file extensions, most notably: .7z, .apk, .asset, .avi, .bak, .bik, .bsa, .csv, .d3dbsp, .das, .forge, .iwi, .lbf, .litemod, .litesql, .ltx, .m4a, .mp4, .rar, .re4, .sav, .slm, .sql, .tiff, .upk, .wma, .wmv and .wallet.
Endgame detected stronger obfuscation strategies – such as AV evasion, anti-debugging and stealth – embedded in the one-week-old TeslaCrypt 4.1A. Further, the threat is reaching into personal networks, and “growing sophistication presents significant challenges to the security community and significant threats to users of all kinds,” the report stated.
The malware is spreading via a flood of spam campaigns, the researchers said, noting that although the attacks demand smaller sums of money, they remain profitable because they reach a wider audience.