An Upgraded Satan Ransomware Infects Hundreds of Windows Servers in China, Demanding a Ransom of 1 Bitcoin Within 3 Days
Cybercrime involving cryptocurrencies is still on the rise despite the ongoing bear market. Chinese cyber security company Qihoo 360 warned Chinese citizens on Jan. 28 of a new variant of “Satan” ransomware that demanded a ransom of one Bitcoin (BTC) in exchange for decryption.
The company noted in a blog post that the ransomware had infected more than 100 Windows servers by exploiting several web application vulnerabilities, and that the number of victims was rising.
Unlike most traditional ransomware attacks, where ransom notes are written in English, Chinese and Korean, the ransom note this time was only available in Chinese, signaling that the new “Satan” ransomware has only targeted Chinese users so far.
The hacker behind the notorious “Satan” ransomware demanded a ransom of one Bitcoin (BTC); if the ransom was not paid within 72 hours, the price would double. “Such ransomware strategy shows that the attackers currently have a strong demand for ransom,” the company said in the blog.
The hacker also wrote his email and bitcoin address on the ransom note.
According to Qihoo 360, the latest ransomware attacks add a new extension, “evopro”, to encrypted files. In addition, the “Satan” ransomware updated its algorithm: it now uses the mt19937 algorithm to generate random numbers for encryption, in order to avoid the embarrassing situation in which the encryption is cracked because of a low-strength pseudo-random number generation algorithm.
Satan ransomware first appeared in January 2017. It targeted both virus-infected computers and servers in its early days and allowed anyone to create their own customized version of Satan ransomware on their websites by signing up for an account.
Victims of the Satan ransomware attackers are advised not to pay the ransom because the files are highly likely to be decrypted if they pay the ransom. The internet security company suggested that server administrators fix system and web application vulnerabilities and use high-strength passwords.