"Beautiful" ransomware arrives

News by Greg Masters

Maktub Locker ransomware is targeting its victims with a spam campaign that attempts to trick people into thinking they are getting a terms-of-service update when in fact the attached document contains malware.

Researchers at Malwarebytes Labs are taken with what they deem a "beautifully designed GUI," but there's no doubting the seriousness of the new ransomware.

Maktub Locker targets victim computers via a spam campaign disguised as a terms-of-service update, according to a post on the Malwarebytes blog. The email carries an attachment whose name spoofs that of an actual document, and it includes a document-like icon. In what the researchers call "an interesting trick," the ransomware does, in fact, display a document: a fake TOS update in .rtf format. But while victims take a look, the malicious programme begins its work in the background and encrypts the user's files.

The code is executed to evade tools intended to recognise malicious behaviour. It is then overwritten by fresh code to further disguise itself.

Maktub Locker has clearly been written by seasoned pros, the researchers conclude, likely a team consisting of people with various skills.
