Tuesday, May 13, 2025
HomeRansomwareThe Ransomware can Launch a DDOS attack - FireCrypt

The Ransomware can Launch a DDOS attack – FireCrypt

Published on

SIEM as a Service

Follow Us on Google News

Ransomware

Ransomware is a kind of malware that keeps or cutoff user’s from getting their System, either by locking the system’s screen or by locking the user’s files unless ransom is paid.     To read more about Ransomware.

A ransomware family named FireCrypt will scramble the client’s documents, additionally attempt to dispatch an extremely weak DDoS assault on a URL hardcoded in its source code.

FireCrypt’s manufacturer named BleedGreen (seen underneath) and permits the FireCrypt creator to produce an exceptional ransomware executable, give it a custom name, and use a customized record symbol.

Contrasted with other ransomware developers, this is a low-end application.

- Advertisement - Google News

Comparative manufacturers more often than not let law breakers to alter a more extensive arrangement of choices, such as, the Bitcoin deliver where to get installments, the payment request esteem, contact email address, and the sky is the limit from there.

The Ransomware can Launch a DDOS attack - FireCrypt
The Ransomware can Launch a DDOS attack - FireCrypt
The Ransomware can Launch a DDOS attack - FireCrypt

This threat was discovered today by MalwareHunterTeam and first posted in Bleeping Computer.

The strategy is regularly used by malware engineers to make alleged “polymorphic malware” that is harder to recognize by standard antivirus programming.

As indicated by MalwareHunterTeam, “the manufacturer is extremely fundamental, so this shouldn’t help anything against genuine AVs.”

Firecrypt pathology procedure

The FireCrypt contamination prepare relies on the ransomware’s merchant’s capacity to trap clients in propelling the EXE record they just created.

When this happens, FireCrypt will terminate the PC’s Task Manager (taskmgr.exe) and start to encrypt a rundown of 20 document files.

FireCrypt encrypts records with the AES-256 encryption calculation.

All encrypted files will have their original file name and extension appended with “.firecrypt”.

Once the document encryption prepares closes, FireCrypt drops its payment note on the client’s Desktop.

The DDoS work that fills your hard drive with garbage records

Subsequent to dropping the payment note, FireCrypt doesn’t stop its noxious conduct. Its source code has a capacity that persistently interfaces with a URL, downloads its files and save into the hard disk.

%Temp% folder, named [random_chars]-[connect_number].html

Current versions of the FireCrypt ransomware will download the content of http://www.pta.gov.pk/index.php, which is the official portal of Pakistan’s Telecommunication Authority.

The Ransomware can Launch a DDOS attack - FireCrypt

The FireCrypt creator calls this element as a “DDoSer,” however this would be an extend. The crook would have to infect thousands of victims before launching a DDoS attack large enough to cause any problems to the Authority’s website.

Victims infected with this threat that is unable or unwilling to pay the $500 ransom demand should keep a copy of their encrypted files around, as a decrypter might be possibly released in the future.

Targeted file extensions:

.txt, .jpg, .png, .doc, .docx, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .htm, .csx, .psd, .aep, .mp3, .pdf, .torrent

General Methods to prevent Ransomware

1.Backup data.
2.Disable files running from AppData/LocalAppData folders.
3.Filter EXEs in the email.
4.Patch or Update your software.
5.Use the Cryptolocker Prevention Kit.
6.Use a reputable security suite.
7.CIA cycle(Confidentiality, integrity, and availability)
8.Utilize System Restore to recover the computer.
9.Disconnect Internet connection immediately.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cybercriminals Hide Undetectable Ransomware Inside JPG Images

A chilling new ransomware attack method has emerged, with hackers exploiting innocuous JPEG image...

New Mamona Ransomware Targets Windows Systems Using Abused Ping Command

Cybersecurity researchers are raising the alarm about a newly discovered commodity ransomware strain dubbed Mamona,...

Play Ransomware Deployed in the Wild Exploiting Windows 0-Day Vulnerability

Patched Windows zero-day vulnerability (CVE-2025-29824) in the Common Log File System (CLFS) driver was...