SHARE

E

New ‘qkG Ransomware’ Found Using Same Self-Spreading Technique

Just yesterday, Trend Micro published a report on a new piece of macro-based self-replicating ransomware, dubbed “qkG,” which exploits exactly the same MS office feature that Buono described to our team.

Trend Micro researchers spotted qkG ransomware samples on VirusTotal uploaded by someone from Vietnam, and they said this ransomware looks “more of an experimental project or a proof of concept (PoC) rather than a malware actively used in the wild.”

The qkG ransomware employs Auto Close VBA macro—a technique that allows executing malicious macro when victim closes the document.

qkG-ransomware

It should be noted that the above-mentioned Bitcoin address hasn’t received any payment yet, which apparently means that this ransomware has not yet been used to target people.

Moreover, this ransomware is currently using the same hard-coded password: “I’m QkG@PTM17! by TNA@MHT-TT2” that unlocks affected files.

Here’s How this New Attack Technique Works

So, be secure and keep on visiting Stalker’s Security in order to get latest news about hacking

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here