Security Vulnerabilities

Defray Ransomware

A new strain of ransomware known as Defray has been discovered. Similar to other strains of ransomware, Defray is distributed via e-mail and requires social engineering to be successful. However, Defray is being sent only to specific targets.

The phishing e-mail contains a personalised message and claims to come from within the targeted user’s organisation. The Defray ransomware is contained within an embedded executable in a Word document. The user is required to double-click the executable in order for Defray to download. Once executed, the ransomware encrypts files on the machine.
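A mail-gateway style check for the delivery method described above, added here as an example and not part of the original advisory. It assumes the attachment is an OOXML (.docx) container, which the advisory does not specify; the function names, the extension list and the sample bytes are constructed for illustration.

```python
import io
import zipfile

DOS_STUB = b"This program cannot be run in DOS mode"  # text found in most PE files
RISKY_EXT = (b".exe", b".scr", b".com", b".pif", b".bat", b".cmd")  # assumed list
MAX_PART = 32 * 1024 * 1024  # refuse to inflate huge parts (zip-bomb guard)


def find_embedded_executables(doc_bytes):
    """Return [(part_name, reason)] for suspicious parts under word/embeddings/."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        # Legacy .doc/.rtf files are not zip containers and need a different parser.
        raise ValueError("not an OOXML container")
    findings = []
    with archive:
        for info in archive.infolist():
            if not info.filename.lower().startswith("word/embeddings/"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "embedded part too large to scan"))
                continue
            data = archive.read(info)
            # Heuristic: raw byte search, the OLE stream is not parsed.
            if b"MZ" in data and DOS_STUB in data:
                findings.append((info.filename, "PE image inside embedded object"))
            elif any(ext + b"\x00" in data.lower() for ext in RISKY_EXT):
                findings.append((info.filename, "executable file name in object metadata"))
    return findings


def build_sample(parts):
    """Build a constructed in-memory .docx-like zip from {part_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a harmless stand-in for a packaged executable, and a clean file.
FAKE_PE = b"MZ" + b"\x00" * 62 + DOS_STUB + b"\r\n$"
SUSPICIOUS = build_sample({
    "word/document.xml": b"<w:document/>",
    "word/embeddings/oleObject1.bin": b"\x02\x00report.exe\x00" + FAKE_PE,
})
CLEAN = build_sample({"word/document.xml": b"<w:document/>"})

if __name__ == "__main__":
    print(find_embedded_executables(SUSPICIOUS))
    print(find_embedded_executables(CLEAN))
```

A hit is a reason to quarantine the message for review rather than proof of Defray itself, since the check only identifies the embedding technique.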

Defray will regularly contact a command & control (C2) server to report infection information. Defray is also capable of disabling start-up recovery and, in Windows 7, it can delete any program with a graphical user interface (GUI), such as the task manager.

Affected Platforms:

Microsoft Windows – all versions




Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
