UPDATED 22:01 EST / JANUARY 23 2018


SpriteCoin ransomware pretends to be a cryptocurrency wallet to get installations

In a different twist on traditional ransomware, a newly discovered attack pretends to be a new cryptocurrency wallet to persuade users to install it, then takes over control of files on a victim’s personal computer.

Named SpriteCoin by researchers at Fortinet Inc., after the fake cryptocurrency it purports to promote, the ransomware is being spread via forum campaigns. Those campaigns tell people to download a wallet to get in on the ground floor of a “new cryptocurrency written in JavaScript” that is “sure to be a profitable coin” for the user.

Perhaps not surprisingly at this point, the download is not a cryptocurrency wallet. Instead, it downloads a file called MoneroPayAgent.exe that then encrypts files on the victim’s PC and demands a ransom payment of 0.3 Monero, worth a little over $100 at the time of writing. In addition to encrypting files, the ransomware sends the user’s Chrome and Firefox credential stores to a remote website, likely giving the attackers access to the user’s passwords as well.

Not content with simply extorting money from unsuspecting victims, the ransomware then adds an even nastier twist. If and when victims pay the ransom, the software downloads malware identified as W32/Generic!tr that can harvest certificates and parsing keys and access web cameras.

“The allure of quick wealth through cryptocurrency seems to be enough to trick unsuspecting users to rush toward the wallet app du jour without consideration,” the researchers wrote.

Along with practicing safe internet habits, organizations are advised to prepare for ransomware attacks by developing a solid backup and recovery plan.

“Do not rely on shadow volume backups alone, as some ransomware variants delete them,” the researchers noted. “Malware authors have done their homework to ensure higher success rates. They understand that most people don’t back up their systems regularly, but if someone should perform a shadow volume or similar backup, they have logic built into the malware to defeat it. Instead, a simple offline backup of important files will save a lot of time and frustration.”
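The warning above is actionable on the detection side: a ransomware that destroys shadow volume copies has to run one of a small set of Windows commands to do so, and those commands are rare in normal endpoint telemetry. The following detector is an added example, not code from the article or from Fortinet’s analysis. It assumes a simple pipe-delimited process-creation log format, uses constructed sample events (the MoneroPayAgent.exe file name comes from the article, but its path and every other field are made up), and matches command patterns for the built-in vssadmin, wmic, WMI and wbadmin tools; both the rule names and the severity heuristic (parent process running from a user-writable folder) are the example’s own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (not from the article or from
# Fortinet's report). Assumed line format: "timestamp|host|parent_image|command_line".
SAMPLE_EVENTS = """\
2018-01-23T21:40:02|WS-042|C:\\Windows\\explorer.exe|"C:\\Program Files\\Mozilla Firefox\\firefox.exe"
2018-01-23T21:41:15|WS-042|C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe|vssadmin.exe delete shadows /all /quiet
2018-01-23T21:41:16|WS-042|C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe|wmic shadowcopy delete
2018-01-23T21:41:17|WS-042|C:\\Users\\alice\\Downloads\\MoneroPayAgent.exe|powershell -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
2018-01-23T21:45:00|WS-017|C:\\Windows\\System32\\svchost.exe|vssadmin.exe list shadows
2018-01-23T21:50:30|WS-017|C:\\Windows\\System32\\cmd.exe|wbadmin get versions
"""

# Command lines that delete or shrink Volume Shadow Copies or the Windows Backup
# catalog: the behaviour the article warns makes shadow-volume backups unreliable.
# Rule names are this example's own labels, not any vendor's.
SHADOW_TAMPER_RULES = {
    "vssadmin-delete-shadows": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    "vssadmin-resize-shadowstorage": re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    "wmic-shadowcopy-delete": re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "wmi-win32_shadowcopy-delete": re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
    "wbadmin-delete-catalog": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
}

# A parent process launched from a user-writable location (where a downloaded
# "wallet" would land) is treated as more suspicious than an administrator's shell.
USER_WRITABLE_HINTS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\tmp\\")


@dataclass
class Event:
    timestamp: str
    host: str
    parent_image: str
    command_line: str


def parse_events(text):
    """Parse the assumed pipe-delimited log format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # maxsplit=3 keeps any '|' that appears inside the command line intact
        timestamp, host, parent, cmd = line.split("|", 3)
        events.append(Event(timestamp, host, parent, cmd))
    return events


def detect_shadow_copy_tampering(events):
    """Return one finding per event whose command line matches a tamper rule."""
    findings = []
    for ev in events:
        for rule, pattern in SHADOW_TAMPER_RULES.items():
            if pattern.search(ev.command_line):
                parent = ev.parent_image.lower()
                severity = "high" if any(h in parent for h in USER_WRITABLE_HINTS) else "medium"
                findings.append({
                    "timestamp": ev.timestamp,
                    "host": ev.host,
                    "rule": rule,
                    "severity": severity,
                    "parent_image": ev.parent_image,
                    "command_line": ev.command_line,
                })
                break  # one finding per event is enough for triage
    return findings


if __name__ == "__main__":
    for finding in detect_shadow_copy_tampering(parse_events(SAMPLE_EVENTS)):
        print(f"[{finding['severity']}] {finding['timestamp']} {finding['host']} "
              f"{finding['rule']}: {finding['command_line']}")
```

Listing or querying shadow copies (`vssadmin list shadows`, `wbadmin get versions`) is deliberately not flagged, since backup software and administrators do that routinely; the rules fire only on deletion or storage-shrinking verbs. On a real estate the same logic would run over Sysmon event ID 1 or Windows Security event 4688 with command-line auditing enabled, and any hit from a parent process under a user profile directory deserves immediate isolation of the host, because by then encryption has usually already begun.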

