File Spider ransomware hit Balkan countries and demands ransom in 96 hours 2017 was a year when security researchers and Internet surfers had to survive many massive ransomware attacks: WannaCry, NotPetya and one of the most recent ones called File Spider crypto-malware. Since hackers are figuring out new techniques to attack users, it is crucial that people would not hesitate to back up their data before it is too late.
The malspam campaign, delivering payloads of File Spider virus, began sometime around 10th of December. Its main targets were Balkan countries, and this means that regions of Serbia, Bosnia and Hercegovina and Croatia were the ones to be exposed to the infection. The sent emails had a twist: they were informing people of their case debt collections.
This financial theme is definitely successful as it is most likely to trigger a response from the recipients. If you would receive a letter about an alleged debt and its payment, I presume you would feel slightly intimidated and have no choice but to open it. However, you have a decision, and you can decide to check the legitimacy of the sender before figuring out the next step.
The opened letters contained .doc files which open in Microsoft Word program. As soon as users launch the downloaded executable, they would be introduced with a rather regular text. Before continuing further, people frequently click on the “Enable Editing” button which makes the reviewing of the document a little easier. However, this is exactly the choice that hackers are expecting you to make. Therefore, the “Enable Editing” button becomes “Click here to become infected with File Spider ransomware”. Once this decision has been made, the hidden malicious macros are run, and an operating system becomes tainted with a File Spider crypto-virus.
Enc.exe and dec.exe processes begin after the malware is fully activated. Files become encrypted with AES-128 bit encryption, and hackers make their demands clear in the ransom notes and TOR website. Authors had also decided to allow victims to select from a couple of languages in which the ransom letters are displayed. Lastly, crooks expect the payments for decryption to be made in 96 hours. If victims do not follow the rules, their files are going to be permanently deleted.
In my opinion, it is never appropriate to pay the ransom even if it is small. With this action of surrender, you are allowing hackers to realize that this file-encryption-ransom strategy is working. Since many victims still choose to pay money in order to retrieve their files, it is doubtful that the developers of ransomware viruses are going to move on. Why would they if this technique brings them the money they desire? I do understand that the possibility of losing all your digital files is devastating. If that is the case, do not be ignorant and store them in an appropriate backup storage. Since there are new methods of ransomware-distribution coming out on a regular basis, file-backuping appears to be the only guaranteed prevention method.