And following on from Locky comes Surprise, this week’s flavour of ransom-ware! Yeah! This latest ransom-ware family that’s being distributed with Teamviewer 10, specifically version 10.0.47484, launches a file remotely called surprise.exe and then silently goes about its business injecting malware and encrypting files. Teamviewer themselves have indicated that they’ve had no breach of credentials ( which appears to be what is assisting the spread of this malware ) and that it’s likely this is a case of compromised end-user credentials. As per most modern r-w malware, RSA2048 and AES256 is employed to do the dirty work and this is little to no chance of decrypting without the keys. The C&C is down at the moment so it looks like there is a lull in activity but that doesn’t stop the malware from spreading. Extreme caution is required and make 100% sure that you dependable and reliable backups, because backups are the only verifiable method of recovery. Security Awareness training can also go along to way to avoiding infection completely.
