Nine days after Christmas, a new ransomware named “Merry Christmas” was discovered operating in the wild, and a new variant was later found that delivered the DiamondFox malware as a secondary infection. DiamondFox is a versatile, modular malware whose modules recruit bots for distributed denial-of-service attacks, steal credit card data from POS systems, pilfer browser passwords, open remote desktop connections, and more.
The malware generates its ransom note as a file named “YOUR FILES ARE DEAD.hta” and places a copy in every folder in which documents are encrypted. The note instructs victims to contact the criminals through Telegram or email. The ransomware also communicates with its command-and-control server from the infected machine and sends it information including the username, computer name, running processes, installed programs, local time and hardware information.
Palo Alto Networks and three other researchers are credited with discovering two variants of the Merry Christmas malware. MalwareHunterTeam discovered that the ransomware delivers DiamondFox as a secondary infection.