It's getting even crazier. A ransomware has now been found that encrypts the contents of the logical Windows drives D:, E:, F: and so on instead of the files on drive C:. It is still unclear what exactly is behind this (unfinished ransomware, or a targeted attack on network shares).
I became aware of this ransomware via several posts, such as the following tweet and this Trend Micro article.
— David Logan (@DavidLogan2020) November 15, 2019
The AnteFrigus ransomware was discovered by the exploit kit expert Mol69. The malware is delivered via a Hookads malspam campaign: the spam mails in question attempt to lure victims to the RIG Exploit Kit server, where the infection takes place. The ransomware does not encrypt files on the Windows C: drive. Instead, the AnteFrigus variant encrypts files located on the D:, E:, F:, G:, H: and I: drives.
BleepingComputer suspects that the authors are planning a more complex attack, targeting only the drive letters to which users in corporate environments typically map network shares. However, security researcher Vitali Kremez, contacted by BleepingComputer, believes that the ransomware variant may still be in development.
BleepingComputer also conducted its own test of AnteFrigus and observed that the cybercriminals behind this ransomware variant demand a ransom of $1,995 in Bitcoin. The amount doubles if the victim does not pay within four days and five hours.
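Because the distinguishing behaviour here is a burst of file writes on the D: to I: drives rather than on C:, a defender can key a simple detection on exactly that. The following Python is an added example, not code from the article or from any of the researchers cited; it runs over constructed sample events in a simplified Sysmon-like format, and the log layout, process names, window and threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of file-write events (not from the page), one per line:
# ISO timestamp, writing process image, target path. Paths contain no spaces.
SAMPLE_EVENTS = """\
2019-11-15T10:00:00 C:\\Windows\\explorer.exe D:\\docs\\plan.docx
2019-11-15T10:00:30 C:\\Windows\\explorer.exe D:\\docs\\notes.txt
2019-11-15T10:05:00 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe C:\\Users\\bob\\run.log
2019-11-15T10:05:01 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe D:\\share\\q1.xlsx
2019-11-15T10:05:02 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe D:\\share\\q2.xlsx
2019-11-15T10:05:03 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe E:\\backup\\db.bak
2019-11-15T10:05:04 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe E:\\backup\\db2.bak
2019-11-15T10:05:05 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe F:\\hr\\list.docx
2019-11-15T10:05:06 C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe F:\\hr\\list.docx
"""

TARGETED_DRIVES = set("DEFGHI")  # the drive letters the article says AnteFrigus encrypts

def parse_events(text):
    """Parse the simplified log into (timestamp, image, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, image, path = line.split(" ", 2)
        events.append((datetime.fromisoformat(ts), image, path))
    return events

def drive_letter(path):
    # 'D:\\x' -> 'D'; UNC and relative paths have no letter and return None
    return path[0].upper() if len(path) > 1 and path[1] == ":" else None

def find_burst_writers(events, window=timedelta(seconds=60), threshold=5):
    """Map each process image to the largest number of distinct files it wrote
    on the targeted (non-C:) drives inside any `window`; keep those >= threshold."""
    per_image = defaultdict(list)
    for ts, image, path in events:
        if drive_letter(path) in TARGETED_DRIVES:
            per_image[image].append((ts, path))
    flagged = {}
    for image, writes in per_image.items():
        writes.sort()
        best = 0
        for i, (start, _) in enumerate(writes):
            in_window = {p for t, p in writes[i:] if t - start <= window}
            best = max(best, len(in_window))
        if best >= threshold:
            flagged[image] = best
    return flagged
```

On the sample data only the Temp-resident process is flagged: explorer.exe touches two files on D: in a minute, while x.exe writes five distinct files across D:, E: and F: within six seconds, and its write to C: is ignored by design.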