The Check Point team has discovered a ransomware called Ramsom Warrior, and it seems that this large-scale operation has Indian hackers behind, according to the Check Point team. ” The executable file of the ransomware is not protected, a detail that makes us think that those behind it are amateurs. This is an example of how more and more cybercriminals are opting for global campaigns, “they explain from Check Point .

In fact, the “encryption” used by the ransomware is a stream cipher that uses a key chosen at random from a list of 1000 keys encoded in the RansomWarrior binary code. The Check Point Research team has been able to extract the keys and, when the password is stored in the victim’s own device, the correct keys can be obtained to unlock the ransomware.

Ransomware takes over from banking malware

Although banking Trojans are losing prominence in computers, ransomware is taking its place, mainly due to its high effectiveness. It is possible that large-scale cyber attacks begin to include the ransomware as part of its operation to prevent the user from defending himself.

However, given that this type of threat continues to evolve, it is not unreasonable to assume that in the near future there will be variants capable of disabling the entire terminal, even if it is reset. In addition, they can also block connected storage devices, which often contain the most valuable data.