Categories: Education, Ransomware

Bitcoin Ransomware Education: Defray

A few industries are more prone to cyber attacks than others. Criminals are purposefully targeting the healthcare and education sectors as a way to improve their chances of scoring a big payday. According to Proofpoint researchers, the Defray ransomware family plays a large role in this new wave of attacks. Although there have only been two small attacks so far, there is plenty of reason to be concerned about what this ransomware family can achieve.

Defray Ransomware is a Big Problem

It was only a matter of time until cybercriminals started targeting the healthcare and education sectors again. We have seen various attacks against hospitals and schools over the past few years. Most of those ransomware distribution campaigns netted the criminals thousands of dollars, all of which was paid in Bitcoin. It now appears the criminals are back with a new tool, identified as Defray ransomware. It is quite a problematic development, even though there have only been two very small campaigns involving this malware so far.

The name “Defray” was not chosen randomly by researchers either. Though developers may have given it a different name, researchers refer to this family as Defray due to the name of the command & control server being used to communicate with the malware. This server appears to reside on the 000WebHostApp domain for the time being, although it may very well be taken down in the coming weeks. A centralized server makes it a bit easier for security researchers to combat ransomware outbreaks, even though it remains a tedious process.

So far, the distribution of this particular payload shows some intriguing and worrisome characteristics. First of all, it is distributed through Microsoft Word documents sent out through email campaigns, which is not surprising. However, we are not talking about massive waves of spam emails, but rather controlled amounts of messages. Recipients reside in the UK and the U.S. for the most part, which is pretty significant. It goes to show the developers are putting a lot of work into distributing the ransomware to their intended targets rather than going after consumers worldwide.

Once a victim downloads and executes a Microsoft Word attachment, the malware payload will be installed on the system. The victims will see a file called FILES.TXT in virtually every folder on their computer systems, which contains information on how they can restore file access. It appears victims are asked to get in touch with the criminals via email using one of three different email addresses. There is also an option to communicate through the BitMessage application if needed.
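As an added example (not part of the original article), a defender-side check for the behaviour described above: a script that walks a directory tree and flags it when the FILES.TXT ransom note shows up in most folders. The sample tree, its contents and the 50% threshold are constructed here for illustration, not taken from a real infection.

```python
import os
import tempfile
from pathlib import Path

# Note file name the article reports for Defray; compared case-insensitively.
RANSOM_NOTE_NAME = "FILES.TXT"


def scan_for_ransom_notes(root, note_name=RANSOM_NOTE_NAME, threshold=0.5):
    """Walk `root` and report how many directories contain `note_name`.

    A ransom note dropped into nearly every folder is the pattern the
    article describes, so the share of affected directories is the signal.
    Returns a dict with counts, the ratio, the hit list and a verdict.
    """
    total = 0
    hits = []
    wanted = note_name.lower()
    for dirpath, _dirnames, filenames in os.walk(root):
        total += 1
        if any(name.lower() == wanted for name in filenames):
            hits.append(dirpath)
    ratio = len(hits) / total if total else 0.0
    return {
        "dirs_total": total,
        "dirs_with_note": len(hits),
        "ratio": ratio,
        "suspicious": ratio >= threshold,
        "hits": hits,
    }


def build_sample_tree(infected=True):
    """Constructed sample tree (assumption: four user folders under a temp root).

    With infected=True a placeholder note is written into every folder,
    mimicking the article's description; with infected=False no note exists.
    """
    root = tempfile.mkdtemp(prefix="ransom_note_demo_")
    for sub in ("Documents", "Documents/Reports", "Pictures", "Downloads"):
        folder = Path(root, sub)
        folder.mkdir(parents=True, exist_ok=True)
        (folder / "data.docx").write_text("sample document (constructed)")
        if infected:
            (folder / "FILES.TXT").write_text("constructed placeholder note")
    return root


if __name__ == "__main__":
    print(scan_for_ransom_notes(build_sample_tree(infected=True)))
```

Run against a real share or endpoint by passing its path instead of the sample tree; a high ratio warrants isolating the host and checking backups before anything else.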

Right now, victims are asked to make a ransom payment of US$5,000 in Bitcoin. Given the current Bitcoin price, that means they will pay slightly over 1.15 BTC. Although the Bitcoin amount itself is pretty low, a US$5,000 payment is still quite substantial for any affected company. It may be possible to negotiate a smaller amount depending on how the communication with the criminals evolves. Interestingly, the ransom note also mentions how the infected victims should maintain offline backups of their files to prevent future attacks of this magnitude. This does feel like salt in the wound for victims. 

The Defray ransomware is a professionally developed ransomware strain. It is unclear if it uses any source code from other projects which have made a name in the past. The ransom note claims that this payload is custom-tailored to infect one’s particular system, which would make it incredibly difficult to come up with a free decryption tool. It is far less obnoxious compared to most malware attacks, which also makes it a much bigger threat for enterprises and companies in specific industries. It will be interesting to see if this malware is successful in the long run, though.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
