Researchers from Proofpoint have published a new blog post about a Valentine's Day ransomware campaign they have been tracking.
Victims are targeted via a Valentine's Day promotional offer email. When recipients click on the links, however, a new ransomware variant called 7ev3n is installed on their machine.
7ev3n itself is an especially nasty bit of ransomware that distinguishes itself from the more common Cryptowall, Cryptolocker, and Teslacrypt variants in a few ways:
The ransom is very high: attackers demand 13 bitcoins (about 5,000 USD) to decrypt files on infected machines
The attackers threaten to make encrypted files public if the ransom is not paid
Users are locked out of their systems completely until the ransom is paid
When a system is infected, 7ev3n immediately:
Begins scanning for files to encrypt
Makes several changes to the system to ensure that the PC restarts and is locked without options for recovery
Creates a bitcoin wallet
Forces a restart once files are encrypted and the machine has been identified to the command-and-control server, locking the machine, disabling the keyboard and mouse, and displaying the message.