Phoenix Cryptolocker is a new ransomware tool that has been used in an attack on the insurance company CNA. The website BleepingComputer has learned that it also encrypted the computers of employees working remotely who were logged into the company’s VPN at the time of the attack.
It is thought to be a new ransomware family, but it has code similarities to other malware used by the Indrik Spider APT group, also known as Evil Corp.
When encrypting devices, the ransomware appended the .phoenix extension to encrypted files and created a ransom note named PHOENIX-HELP.txt.
Duncan is a technology professional with over 20 years' experience working in various IT roles. He has an interest in cyber security and a wide range of other skills in radio, electronics and telecommunications.