Categories: EducationRansomware

Bitcoin Ransomware Education: Defray

A few industries are more prone to cyber attacks than others. Criminals are purposefully targeting the healthcare and education sectors as a way to improve their chances of scoring a big payday. According to Proofpoint researchers, the Defray ransomware family plays a large role in this new wave of attacks. Although there have only been two small attacks so far, there is plenty of reason to be concerned about what this ransomware family can achieve.

Defray Ransomware is a Big Problem

It was only a matter of time until cybercriminals started targeting the healthcare and education sectors again. We have seen various attacks against hospitals

and schools over the past few years. Most of those ransomware distribution campaigns netted the criminals thousands of dollars, all of which was paid in Bitcoin. It now appears the criminals are back with a new tool, identified as Defray ransomware. It is quite a problematic development, even though there have only been two very small campaigns involving this malware so far.

The name “Defray” was not chosen randomly by researchers either. Though developers may have given it a different name, researchers refer to this family as Defray due to the name of the command & control server being used to communicate with the malware. This server appears to reside on the 000WebHostApp domain for the time being, although it may very well be taken down in the coming weeks. A centralized server makes it a bit easier for security researchers to combat ransomware outbreaks, even though it remains a tedious process.

So far, the distribution of this particular payload shows some intriguing and worrisome characteristics. First of all, it is distributed through Microsoft Word documents sent out through email campaigns, which is not surprising. However, we are not talking about massive waves of spam emails, but rather controlled amounts of messages. Recipients reside in the UK and the U.S. for the most part, which is pretty significant. It goes to show the developers are putting a lot of work into distributing the ransomware to their intended targets rather than going after consumers worldwide.

Related Post

Once a victim downloads and executes a Microsoft Word attachment, the malware payload will be installed on the system. The victims will see a file called FILES.TXT in virtually every folder on their computer systems, which contains information on how they can restore file access. It appears victims are asked to get in touch with the criminals via email using one of three different email addresses. There is also an option to communicate through the BitMessage application if needed.

Right now, victims are asked to make a ransom payment of US$5,000 in Bitcoin. Given the current Bitcoin price, that means they will pay slightly over 1.15 BTC. Although the Bitcoin amount itself is pretty low, a US$5,000 payment is still quite substantial for any affected company. It may be possible to negotiate a smaller amount depending on how the communication with the criminals evolves. Interestingly, the ransom note also mentions how the infected victims should maintain offline backups of their files to prevent future attacks of this magnitude. This does feel like salt in the wound for victims. 

The Defray ransomware is a professionally developed ransomware strain. It is unclear if it uses any source code from other projects which have made a name in the past. The ransom note claims that this payload is custom-tailored to infect one’s particular system, which would make it incredibly difficult to come up with a free decryption tool. It is far less obnoxious compared to most malware attacks, which also makes it a much bigger threat for enterprises and companies in specific industries. It will be interesting to see if this malware is successful in the long run, though.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

2 hours ago

Early ENS Investor Transfers $2.47M To Binance Amid Upcoming Token Unlocks

An early investor linked to the $ENS token recently transferred 154,000 ENS tokens, valued at…

2 hours ago

Wintermute’s Memecoin Strategy: BABYDOGE Ranks Among Top 3 Holdings

In a surprising turn, $BABYDOGE has climbed to the top three in Wintermute’s memecoin holdings…

2 hours ago

$Pnut’s Meteoric Rise: How A Tragic Squirrel Inspired A Memecoin Sensation

The $Pnut memecoin recently soared past a $120 million market cap, creating unexpected wealth for…

2 hours ago

Political Memecoins And High-Stakes Bets Surge As Election Approaches

With election season heating up, political memecoins like $PEOPLE, $MAGA, $HARRIS, and $TRUMP are surging.…

2 hours ago

TRX Price Prediction: Tron Network Fee Cut to Spark New ATH?

Back into Spotlight: Tron Network Fee Cut Could Push TRX to ATH, But This DeFi…

11 hours ago