“Merry Christmas” Ransomware Detected Utilizing DiamondFox Malware To Steal User’s Private Data

Christmas is over but hackers have utilized this golden period to exploit the vulnerabilities to ransack private data using Merry Christmas Ransomware. Researchers have reported about recent variants of Merry Christmas aka Merry X-Mas to be highly active during Christmas carnival and known to drop DiamondFox malware on the compromised PC for the purpose of collecting victim’s passwords, vital files and several other crucial data.

Being detected for the very first time in the first week of 2017 by several distinct researchers, “Merry Christmas” has been identified as a threatening infection for the computer system whose first wave was propagated through vicious spam emails claiming of being FTC consumer complaints. Now though the researchers though that the ransomware would not on the platform for long duration of time because of it’s Christmas theme, but on the contrary to whatsoever that were thought, the threat has been found still being detected.

According to one of the most popular security expert namely ‘Brad Duncan’, just a couple of days after the initial attack, a second version has been detected relied on a distinct ransom note. Similar to those of the previous ones, it has also been reported distributing via spam email messages. Just the difference was that it was pretending of being a court attendance notices.

Merry Christmas ransomware ransom note (version 2)

Apart from this, alike the predecessor ones, it also provides links downloading a file from an online server. Researches report that this file usually contains macro scripts which on getting executed, download and installs the latest Merry Christmas version.

Difference between the ransom note of the first two Merry Christmas ransomware infections

Based on the reports revealed by Duncan, attacks by “Merry Christmas” were occurred at the time of Christmas holidays for Orthodox Christians (following the Julian Calendar, such as several Eastern European countries and large communities in former Soviet states). Just few hours after the publishing of the Duncan’s finding, Researchers from the MalwareHunterTeam discovered that the latest updated version of “Merry Christmas” variants are intruding the DiamondFox malware and utilizing it for the purpose of sniffing the victim’s private stuff.

DiamondFox is basically a module opt by online crooks with the motto of deploying on a per-infection basis as well as components for transforming computer systems into DDoS bots. Furthermore, this malware is used for extracting credit card stuff from PoS systems, regarding opening of Remote Desktop Connections and hacking of browser passwords and many more.

Researches clearly proves that “Merry Christmas” is the not the foremost ransomware program utilizing a second malware regarding several vicious purposes. Aside from it, one another ransomware namely Shady ransomware has been detected by the Kaspersky security researches in the summer of last year downloading the Teamspy RAT. This RAT was purposely intruded for evaluating the compromised machine and it’s type in order to enable the crooks to decide whether to ask for a higher ransom sum for unlocking the encoded files.

Leave a Comment

Your email address will not be published. Required fields are marked *