HC7 Planetary Ransomware May Be the First to Accept Ethereum

Discussion in '0-day Release' started by silversurfer, Jan 10, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    A new variant of the HC7 Ransomware is in the wild that encrypts a victim's files and appends the .PLANETARY extension to the filename. What makes this particular ransomware variant unique is that it may be the first one that accepts Ethereum as a ransom payment.

    Almost all ransomware utilize Bitcoin for the ransom payment, with a few requesting Monero. Now that Ethereum is currently selling for over $1,200 per coin and rising in price and popularity, it's not surprising that we see criminals accepting it as a payment.

    While a cryptocurrency like Monero, or even Verge, makes more sense due to their greater privacy and being less traceable, Ethereum's smart contract feature could make ransomware payment processing more efficient. Using Ethereum's smart contracts, a criminal could make a "honest ransomware", where a victim guarantees payment if the developer actually decrypts the victim's files.

    While no ransomware currently uses Ethereum smart contracts for payments and most likely will not due to its complexity, that is really the only good reason to use Ethereum over other cryptocurrencies. In the future, I would expect developers to move away from Bitcoin and start moving more towards Monero and XVG due to them being "privacy" related coins.

    Source: https://www.bleepingcomputer.com/ne...nsomware-may-be-the-first-to-accept-ethereum/
    Trim, Der.Reisende and RGiskardR like this.
  2. Google Adsense

Share This Page