
Old ransomware Jigsaw reemerges, upgrades to become bitcoin stealer

(Image by Pete Linforth/Pixabay)

Even cybercriminals upgrade or upcycle ransomware, as Jigsaw shows: the old ransomware has reemerged to target the cryptocurrency industry. The variant, now known as BitcoinStealer, can wipe out a victim’s wallet.

ZDNet reported that researchers say cybercriminals had stolen 8.4 bitcoin, or $66,807 as of July 24, 2018, using the upgraded malware. It also said that similar malware programs and services are being offered on dark web forums and websites.

In a blog post, Trend Micro explains that the malware embeds strings in its code that it uses to modify the victim’s bitcoin address, substituting an address generated with VanityGen, an open-source command-line tool; that substitution is what lets the criminals wipe out the victim’s wallet.

Jigsaw uses VanityGen to generate bitcoin addresses that resemble the victim’s own, so that the victim’s and the criminal’s addresses appear to be the same and the victim is fooled. A VanityGen address only has to match a chosen prefix, so the check that defeats it is comparing the whole address, not just its first few characters.
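The look-alike trick described above, as an added example that is not Trend Micro’s or the malware’s code: it builds a Base58Check (P2PKH) address from a constructed recipient hash, brute-forces a second address that shares its first characters the way VanityGen does, and then shows that a glance at the prefix accepts the substitute while a checksum-validated whole-string comparison rejects it. The search derives each candidate hash from a counter instead of a real secp256k1 key (an assumption made to keep the example dependency-free); the sample recipient address is constructed, not a real wallet.

```python
import hashlib

# Base58 alphabet used by Bitcoin (no 0, O, I, l).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Base58 encoding; each leading 0x00 byte becomes a leading '1'."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on characters outside the alphabet."""
    n = 0
    for ch in text:
        n = n * 58 + ALPHABET.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(text) - len(text.lstrip("1"))
    return b"\x00" * leading_ones + body


def address_from_hash160(h160: bytes, version: int = 0x00) -> str:
    """P2PKH address = Base58Check(version || hash160); checksum = first 4 bytes of double SHA-256."""
    payload = bytes([version]) + h160
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return b58encode(payload + checksum)


def is_valid_address(text: str) -> bool:
    """True only for 25 bytes of Base58Check whose checksum verifies."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def lookalike_search(target: str, match_chars: int = 3, max_tries: int = 1_000_000):
    """Brute-force an address sharing the first `match_chars` characters with `target`.

    VanityGen runs the same search, but each candidate there is the hash of a real
    secp256k1 public key, so the attacker holds the spending key. Assumption for this
    example: the 20-byte hash is derived from a counter instead, which keeps the code
    dependency-free; the search and its cost are what is being demonstrated.
    Returns (address, tries) or (None, max_tries).
    """
    prefix = target[:match_chars]
    for i in range(1, max_tries + 1):
        fake_h160 = hashlib.sha256(i.to_bytes(8, "big")).digest()[:20]
        candidate = address_from_hash160(fake_h160)
        if candidate != target and candidate.startswith(prefix):
            return candidate, i
    return None, max_tries


def expected_attempts(match_chars: int) -> int:
    """Rough cost of the search: the leading '1' is free (version byte 0x00) and every
    further character multiplies the work by about 58. A handful of characters is
    minutes on a laptop; a whole 34-character address is out of reach."""
    return 58 ** max(match_chars - 1, 0)


def glance_match(intended: str, observed: str, chars: int = 3) -> bool:
    """What a hurried user does before paying: eyeball the first few characters."""
    return intended[:chars] == observed[:chars]


def strict_match(intended: str, observed: str) -> bool:
    """What wallet software should do: checksum-validate and compare the whole string."""
    return is_valid_address(observed) and observed == intended


# Constructed sample: a recipient hash160 derived from a label, not a real wallet.
TARGET = address_from_hash160(hashlib.sha256(b"constructed sample recipient").digest()[:20])

if __name__ == "__main__":
    fake, tries = lookalike_search(TARGET, match_chars=3)
    print("intended  :", TARGET)
    print("look-alike:", fake, f"(found after {tries} tries, ~{expected_attempts(3)} expected)")
    print("glance check passes:", glance_match(TARGET, fake))
    print("strict check passes:", strict_match(TARGET, fake))
```

Raising `match_chars` to 4 or 5 makes the run noticeably longer, which is the point: matching the handful of characters a person actually reads is cheap, matching the whole address is not, so the defense is to verify the entire string (or, better, let the wallet do it) before sending.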

The file-encrypting malware first emerged in April 2016, but cybercriminals appear to be rehashing or upgrading older versions to target the fast-growing cryptocurrency industry. As ransomware, Jigsaw set a time limit and then slowly deleted files until the victim paid the ransom. Trend Micro was not surprised by the reemergence, which it sees as part of a wider trend.

Criminals are now more inventive. With the new Jigsaw, they started using live chat support and images from the Saw films and Anonymous before demanding that victims pay up.

Trend Micro listed other malware that has been upgraded “to adapt to the times”: the Rakhni trojan, which can deploy either ransomware or crypto-mining malware depending “on the affected system’s configurations”; Trickbot, an information stealer that can now lock the device’s screen; and Cerber ransomware, which has also expanded into crypto-mining.

“Cybercriminals also used notorious exploits like EternalBlue to mine cryptocurrency. In 2017, cryptocurrency mining was the most detected network event in devices connected to home routers,” according to Trend Micro.

The IT security firm gave these reminders to keep malware and cybercriminals at bay:

Practice security hygiene: Think before clicking, and carefully scrutinize unsolicited or suspicious emails and messages requesting personally identifiable information.

Tighten privacy and security settings: Protect cryptocurrency wallets and their contents from malware and unauthorized modification with measures such as multifactor authentication, split wallets and cold storage (keeping the funds offline).

Enforce defense in depth: For enterprises, actively monitor systems for anomalous activity and deploy security mechanisms at each layer of the organization’s network, servers, gateways, and endpoints.