Rakhni Trojan which was first discovered in 2013 has evolved over the course of five years. As an addition to its already existing and notorious ransomware ‘feature,’ the trojan is now capable of infecting your computer with a cryptocurrency miner as well. The decision to choose the mechanism of harming your computer depends on the configuration of the victim.
This double threat posed by old ransomware was exposed by a report from Kaspersky Labs, which was titled To Crypt, Or To MIne- That Is The Question. The report explains in detail by describing a downloader that decides how to infect the victim – with a cryptor or with a miner.
The mail has targeted computers in Russia, Kazakhstan, Ukraine, Germany and India and is distributed via email spam campaigns. Such spam emails have fake corporate financial documents which point out to the actor’s plan to target corporates.
According to researchers, “to hide the presence of the malicious software in the system, the malware developer made their creation look like the products of Adobe Systems.”
After downloading itself in the target’s computer, the malware then searches for the presence of a cryptocurrency wallet. If the Bitcoin data folder or %AppData%\Bitcoin is found, then it downloads a cryptor module which creates a ransomware message with the email ID of the ransom receiver and a deadline.
Otherwise, if such a folder is not found on the targeted computer, a miner module is downloaded which creates a VBS script for mining Monero or Dashcoin Cryptocurrency.
To rest your fears, decryption tools for Rakhni ransomware are available to get rid of the new and ‘smart’ ransomware. This unprecedented technique of choosing the means of infection hints at the level of sophistication at which cybercriminals have evolved over the years.