It is currently 18-12-2017 04:02

Discovered a new ransomware-cryptographer for 1C

Discovered a new ransomware-cryptographer for 1C

by 1127 » 2016-06-24 11:13:00

Ransomware encrypts files on the system and demands a ransom for decryption.

The company "Doctor Web" detected malware threat targeting users in accounting software 1C. Trojan-the Trojan is detected by antivirus as 1C.Drop.1.

The malware spread via email using a list of contractors compromised system. The infected system begins to send out a letter with the subject "we replaced the BIC of the Bank" and the following contents:

We have changed the Bank's BIC.
Please update your classifier banks.
This can be done automatically, if You use 1C: Enterprise 8.
File - Open processing updates the classifiers from the attachment.
Click YES. The classifier will be updated automatically.
While the Internet for 1-2 minutes."

Together with the letter extends an attachment "ПроверкаАктуальностиКлассификаторабанков.the epf". After you run the attachment, the Trojan will start mailing by contractors, and then begin to encrypt files on disk. A cryptographer is defined as a Trojan.Encoder.567 terminology "Doctor Web".

1C.Drop.1 is able to work with the following database configurations of 1C:
"Trade management, revision 11.1"
"Trade management (base), edition 11.1"
"Trade management, revision 11.2"
"Trade management (base), edition 11.2"
"Accounting enterprise edition 3.0"
"Accounting enterprise (base), edition 3.0"
"1C:Comprehensive automation 2.0"

Сообщений: 239
Депозит: 0 BTC

Rating: 0

cronbot - Банк бот / bank bot

by Admin » 2017-12-18 04:02:22

cronbot - Банк бот / bank bot

Сдадим в аренду комплексного банк бота со след функционалом.


Discovered a new ransomware-cryptographer for 1C

by cronbot » 2016-07-05 03:52:14

that's great parnyagi, muddied.
Сообщений: 47
Депозит: 0 BTC

Rating: 4