New Ransomware ‘Surprise’ Spreads Infection through TeamViewer

A new ransomware infection came to light when victims began posting on the Bleeping Computer forums, where people hit by ransomware commonly gather to seek help. The end-users were taken by surprise: they found they could no longer access their files, which had been locked, and three new files containing ransom notes had appeared on their desktops. The notes told them that their files had been encrypted and could only be recovered by contacting the ransomware operator at the e-mail addresses nowayout@sigaint.org or nowayout@protonmail.com.



The cyber-crooks demanded a ransom of 0.5 Bitcoin (USD200), but stated that the amount could rise to as much as 25 Bitcoin (USD10,000) depending on what the encrypted folders contained.



Worse still, the command-and-control infrastructure of the ransomware, called 'Surprise', had been shut down; the victims therefore needed to get back online quickly or risk losing any chance of recovering their folders, whatever amount they were willing to pay.



Surprise is spread through several infection vectors. Unusually for ransomware of its time, however, this crypto-Trojan is planted via TeamViewer: an evaluation of the complaints on the Bleeping Computer forums suggests that most of the infections came through TeamViewer-based insertion.
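Because the article names TeamViewer sessions as the main infection path, a defender's first question on an affected machine is which remote sessions reached it and when. The Python script below is an added example, not code from the article, from SPAMfighter or from TeamViewer. It parses a constructed sample log in the tab-separated shape of TeamViewer's Connections_incoming.txt (remote ID, remote name, start, end, local user, mode, session ID; this column order is an assumption to be checked against the file your installed version writes) and flags sessions from remote IDs not on an allowlist or starting outside business hours.

```python
"""Review TeamViewer incoming-connection logs for unexpected remote sessions.

Assumption (not from the article): the log is tab-separated in the shape of
TeamViewer's Connections_incoming.txt:
  <remote ID> <remote name> <start> <end> <local user> <mode> <session ID>
with timestamps written as DD-MM-YYYY HH:MM:SS. Verify the column order
against your own installation before relying on it.
"""
from datetime import datetime, time

# Constructed sample lines (not real log data); IDs and names are made up.
SAMPLE_LOG = """\
111222333\tHelpdesk-01\t21-03-2016 10:02:11\t21-03-2016 10:31:40\tjdoe\tRemoteControl\t{0001}
444555666\tUnknown\t21-03-2016 02:14:05\t21-03-2016 02:49:52\tjdoe\tRemoteControl\t{0002}
111222333\tHelpdesk-01\t22-03-2016 22:15:00\t22-03-2016 22:20:00\tjdoe\tFileTransfer\t{0003}
777888999\tPartner-Support\t22-03-2016 23:40:00\t23-03-2016 00:20:00\tjdoe\tRemoteControl\t{0004}
"""

# The remote TeamViewer IDs an organisation expects to see (hypothetical value).
KNOWN_REMOTE_IDS = {"111222333"}
# Sessions starting outside this window are worth a second look.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
TS_FMT = "%d-%m-%Y %H:%M:%S"


def parse_log(text):
    """Turn the raw log text into a list of session dicts, skipping malformed lines."""
    sessions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 6:
            continue  # not enough columns; ignore rather than guess
        sessions.append({
            "remote_id": parts[0],
            "remote_name": parts[1],
            "start": datetime.strptime(parts[2], TS_FMT),
            "end": datetime.strptime(parts[3], TS_FMT),
            "local_user": parts[4],
            "mode": parts[5],
        })
    return sessions


def flag_sessions(sessions, known_ids=KNOWN_REMOTE_IDS, hours=BUSINESS_HOURS):
    """Return (remote_id, start, mode, reasons) for every session that looks unexpected."""
    findings = []
    for s in sessions:
        reasons = []
        if s["remote_id"] not in known_ids:
            reasons.append("unknown remote ID")
        start_t = s["start"].time()
        if not (hours[0] <= start_t < hours[1]):
            reasons.append("outside business hours")
        if reasons:
            findings.append((s["remote_id"], s["start"].strftime(TS_FMT), s["mode"], reasons))
    return findings


if __name__ == "__main__":
    for remote_id, start, mode, reasons in flag_sessions(parse_log(SAMPLE_LOG)):
        print(f"{start}  {remote_id:>10}  {mode:<14} {', '.join(reasons)}")
```

Run against a real file, the session that immediately precedes the appearance of the ransom notes is the one to correlate with the TeamViewer account the article says was being traced; the allowlist and the business-hours window are site-specific and should be set from the organisation's own records.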



The malware uses sophisticated encryption to lock all data files; to reverse it, end-users are told to purchase a decryption code. When Surprise infects a machine, it drops a ransom note into every folder that contains encrypted files, and those files cannot be viewed until they are decrypted. Informationsecuritybuzz.com posted this, March 21, 2016.



Remote access is valuable when businesses collaborate or technical support is needed, and numerous end-users around the world benefit from TeamViewer. At the same time, however, those users become attractive targets for online crooks, as 'Surprise' has shown. Concerned parties have contacted TeamViewer and asked it to locate the suspicious account, so it is hoped that Surprise's victims will manage to regain their folders quickly.



The ransomware encrypts 474 separate file extensions in a way that makes automatic recovery unfeasible unless the end-users have backups of the affected folders. » SPAMfighter News - 3/30/2016