Application security, Threat Management, Incident Response, TDR

Service with a smirk: PadCrypt ransomware first to offer live chat ‘help’

February 16, 2016

If they gave out customer service awards to ransomware developers, the black hats behind the newly discovered ransomware PadCrypt might win the prize.

According to a report from BleepingComputer, PadCrypt is the first ransomware to offer a live support chat feature for victims seeking online assistance with paying their ransom and decrypting locked files. Exposed last Sunday by Swiss security researchers at @abuse.ch, PadCrypt is also the first ransomware program to provide victims with a software uninstaller, which is downloaded along with the malicious encryption code at the time of infection.

PadCrypt is distributed via “spam that contains a link to a zip archive that contains what appears to be a PDF file,” BleepingComputer wrote. But the supposed PDF file is actually an executable that downloads malware from cybercriminals' command-and-control servers. These C&C servers were disabled following their discovery, the report continued.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Learn More

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Application security

Data exposed by over 30K Postman Workspace instances

SC StaffDecember 26, 2024

Hackread reports that more than 30,000 internet-exposed instances of widely used cloud-based API development and testing platform Postman Workspace had API keys, tokens, and admin credentials exposed as a result of access control misconfiguration, accidental Postman collection sharing, public repository syncing, and unencrypted storage of plaintext data.

Endpoint/Device Security

Health app-posing spyware spread via Amazon Appstore

SC StaffDecember 20, 2024

Malicious actors have distributed Android spyware as the BMI CalculationVsn app through the Amazon Appstore.

Vulnerability Management

Critical flaw in WordPress plugin exploited to install malicious software

SC StaffDecember 19, 2024

The installed plugins contain exploitable flaws, such as remote code execution, SQL injection, and cross-site scripting, allowing attackers to compromise targeted websites.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Service with a smirk: PadCrypt ransomware first to offer live chat ‘help’

An In-Depth Guide to Application Security

Related

Data exposed by over 30K Postman Workspace instances

Health app-posing spyware spread via Amazon Appstore

Critical flaw in WordPress plugin exploited to install malicious software

Related Events

Rooting Out Overlooked Risks in the Data and AI Supply Chain: Introducing a New Approach

A More Ironclad AppSec: Forecast and Guidance Late 2024 and Early 2025

Apiiro’s Integrated Application Security Posture Management (ASPM) + Software Supply Chain Security (SSCS) Solution

Get daily email updates