Windows 10 PCs targeted in Ransomware as a Service attacks

by Don Sharpe

  • Avaddon uses a RaaS affiliate program to deliver ransomware to unsuspecting Windows PC users.
  • Victims have to pay Avaddon a ransom fee to decrypt their infected files. 

You know how tech companies use SaaS or PaaS to deliver IT solutions to enterprises at scale? Well, cyber criminals have developed a model of their own called RaaS, which they’re using to efficiently distribute malware in massive waves. They recently targeted Windows 10 PCs for ransomware attacks, according to a Bleeping Computer report.

Windows 10 users targeted in Avaddon ransomware attack

In the recent Avaddon attacks, users receive an email enticing them to open an attached photo that is not actually a photo. The body of the email contains a wink emoji.

According to cyber security company AppRiver, the photo is a cover for malware. The people behind the attacks are taking advantage of the fact that Windows doesn’t reveal file extensions by default, so the trailing .js of the attached file stays hidden and the name appears to end in .jpg.

So, unsuspecting victims end up clicking on the photos only to unleash a JavaScript file that triggers ransomware activity on their machines.

All of the messages contain an attachment that arrives in the IMG<number>.jpg.js.zip format. Once the zip is extracted, there is a small 1 kilobyte javascript file inside. This is much smaller than last year’s campaign of 8 kilobytes, largely because the latest version does not contain any additional obfuscation techniques.

When the malware is executed in Windows 10, it encrypts all files, from images to documents. Then, the attackers leave a ransom note on the victim’s desktop.

The note informs the user about the encryption of all their files by the Avaddon ransomware.

Next, the cyber criminals offer software the victim can buy to decrypt and access their computer files. They direct the user to a Tor payment portal where the transaction takes place.

Avaddon is a Ransomware as a Service (RaaS) actor running an affiliate program. Affiliates acquire the malware from Avaddon for distribution to targeted PC systems.

You can minimize the risk of falling victim to such attacks by using email scanning tools. Also, updating and activating Windows Defender can help prevent ransomware from executing on your machine.
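
As an added example (not from the original article or from AppRiver), the Python code below shows the kind of check an email scanning tool can apply to the IMG<number>.jpg.js.zip pattern described above: it flags attachments and zip members whose name ends in a harmless-looking extension followed by a script extension. The extension lists, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed list: extensions Windows runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr", ".bat", ".cmd"}
# Assumed list: extensions a user reads as harmless content.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def deceptive_name(name):
    """True if the name ends in <decoy ext><script ext>, e.g. IMG1234.jpg.js."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in SCRIPT_EXTS and suffixes[-2] in DECOY_EXTS


def scan_attachment(filename, data):
    """Return reasons to quarantine an attachment; an empty list means no finding."""
    findings = []
    # Strip a trailing .zip so IMG1234.jpg.js.zip is judged as IMG1234.jpg.js.
    outer = filename[:-4] if filename.lower().endswith(".zip") else filename
    if deceptive_name(outer):
        findings.append(f"attachment name hides a script: {filename}")
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if deceptive_name(info.filename):
                    findings.append(f"archive member hides a script: {info.filename}")
    return findings


def make_zip(member, payload):
    """Build an in-memory zip with one member (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


# Constructed samples: inert placeholder content, not real malware or images.
SUSPECT = make_zip("IMG1234.jpg.js", b"// inert placeholder\n")
BENIGN = make_zip("holiday.jpg", b"placeholder image bytes")

if __name__ == "__main__":
    for name, blob in [("IMG1234.jpg.js.zip", SUSPECT), ("photos.zip", BENIGN)]:
        print(name, scan_attachment(name, blob) or "no findings")
```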
