Are You “Surprised” by New Ransomware Spread via TeamViewer?


A number of users have reported an infection dubbed Surprise ransomware. The infection is easy to spot. It does not hide once its encryption payload has completed; it clearly informs its victims that they need to pay.

The malware locks all files with sophisticated encryption. To undo the malicious modification, the user is prompted to buy the decryption key. Surprise ransomware generates a ransom message and drops it into every folder that contains affected files. The affected files cannot be opened until they are decrypted.

The names of the affected files are changed. The ransomware adds the “.surprise” extension to the end of each encrypted item.

Propagation of the virus exploits multiple infection vectors. The Surprise crypto-trojan is the first ransomware to be dropped via TeamViewer. Judging by the complaints submitted, TeamViewer-based infiltration dominates the malware's distribution.

The ransom demanded varies. It is up to the particular distributor and ranges from 0.5 to 25 Bitcoins, which means the amount may be as high as 10 thousand USD.

IT security experts urge users to check their TeamViewer privacy and security settings. That would prevent the ransomware invasion. It is also very important to make backups. If you can restore your files from backups, you do not need to pay the hacker.
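
A restore-planning check built on the two facts above (the appended “.surprise” extension and the advice to restore from backups), added here as an example and not part of the original article. The function name `plan_restore`, the assumption that the backup mirrors the data folder's layout, and the sample files are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

SUFFIX = ".surprise"  # extension the article says is appended to each encrypted file


def plan_restore(data_root, backup_root):
    """Map every *.surprise file under data_root to its backup copy, if any.

    Assumes (hypothetically) that backup_root mirrors data_root's layout.
    Returns (restorable, missing): restorable holds (encrypted, backup) path
    pairs; missing holds encrypted files with no clean copy in the backup.
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    restorable, missing = [], []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in sorted(files):
            # Match case-insensitively; skip a file named only ".surprise".
            if len(name) <= len(SUFFIX) or not name.lower().endswith(SUFFIX):
                continue
            encrypted = Path(dirpath) / name
            # Original name = encrypted name minus the appended extension.
            original = encrypted.with_name(name[: -len(SUFFIX)])
            candidate = backup_root / original.relative_to(data_root)
            if candidate.is_file():
                restorable.append((encrypted, candidate))
            else:
                missing.append(encrypted)
    return restorable, missing


def demo():
    """Build a constructed sample tree and return (restorable, missing) counts."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        (data / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (data / "docs" / "report.docx.surprise").write_bytes(b"\x00")
        (data / "docs" / "photo.JPG.SURPRISE").write_bytes(b"\x00")
        (data / "docs" / "untouched.txt").write_text("ok")
        (backup / "docs" / "report.docx").write_text("clean copy")
        restorable, missing = plan_restore(data, backup)
        return len(restorable), len(missing)


if __name__ == "__main__":
    print("restorable=%d missing=%d" % demo())
```

The `missing` list is the part that matters for the pay-or-restore decision: those are the files for which no backup copy was found.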

About David Balaban
David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the www.Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at Privacy-PC, Mr. Balaban has interviewed such security celebrities as Dave Kennedy, Jay Jacobs and Robert David Steele to get firsthand perspectives on hot InfoSec issues. David has a strong malware troubleshooting background, with the recent focus on ransomware countermeasures.