New Ransomware Dubbed ‘Paradise’ Discovered

A new ransomware dubbed ‘Paradise’ has been discovered, and reported this morning on Bleeping Computer. The Paradise Ransomware appears to be a ‘Ransomware as a Service’ or a RaaS. A RaaS is where a ransomware developer creates a ransomware, manages its development, and operates the Command and Control server in exchange for a small cut of all ransom payments made by victims.

http://brn.firetrench.com

https://www.bleepingcomputer.com/news/security/paradise-ransomware-uses-rsa-encryption-to-encrypt-your-files/

 

Commenting on this news, is Mark James – Security Specialist at ESET 

 

“Ransomware, for most, is still the worst kind of infection to get. It can destroy your most treasured memories or literally stop your business from operating, A lot of the malware we see like this tends to be quite benign in its nature- its created, it travels, it infects and it then moves into the “old” pile ,with the possibility of public decoders making their way to the great site www.nomoreransom.org– that’s excellent news for the many thousands of people who are infected.

But every now and again we see RaaS ( Ransomware as a Service) malware or ransomware; this is just as nasty as the others we see daily, but the difference is its maintained. Just like your windows operating system, someone actually creates updates and patches this ransomware to ensure it stays current, making sure it’s not detected and in some cases constantly changing. To stay current and effective, the authors of this software will take a cut from the people spreading the malware to fund its development. The bad news is that often we won’t see a decoder for this type of ransomware.

On one hand, Paradise ransomware is very thorough in its malicious activity; it encrypts all data on the disk, excluding only files necessary to run the operating system. On the other hand, it uses RSA encryption to encrypt files, thus making it very slow in the process of doing this. The primary infection vector is via RDP (remote desktop protocol) so to successfully spread, it requires a network vulnerable to such attack – in other words, one running on incorrect settings.

Of course, there is still one way to protect yourself- BACKUP! Its guaranteed, providing you have configured it correctly and tested it to ensure its working. Storing it offline and offsite if possible will help to keep it safe, but also make sure your operating systems and applications are on their latest versions and patched fully along with a good multi-layered regular updating internet security software which will help you to stay safe and stop the malware from taking hold in the first place.”