
Quoter Ransomware

Posted: March 4, 2021

Organized cybercrime groups often explore new malware products that could be added to their arsenal. Recently, cybersecurity experts identified a new file-locker called Quoter Ransomware that appears to be linked to the group of criminals behind the RTM Banking Trojan, a threat that displayed remarkable activity in 2020. The Quoter Ransomware is used in combination with the RTM Banking Trojan in attacks that have been taking place since December 2020. The criminals are targeting Russian companies operating in the transport and finance industries, and they usually approach them via cleverly tailored spear-phishing emails.

The Quoter Ransomware is used as a backup payload in these attacks. The criminals first try to use the RTM Banking Trojan to extract data from the infected system. If their attempt proves to be unsuccessful, they proceed to drop the Quoter Ransomware, which is then used to encrypt the victim's data. After this task is completed, the Quoter Ransomware behaves just like typical file-encryption Trojans – it drops a ransom note extorting the victims for money. The attackers are relying on two extortion types:

  • They tell victims that their data is impossible to recover without a decryption tool supplied by the attackers.
  • They claim to have collected some of the victim's files and threaten to publish them online if the victim does not pay a ransom fee.

It is important to add that the ransom fee that Quoter Ransomware's creators demand is not ordinary at all. Typically, victims of ransomware attacks are asked to pay a few hundred or a few thousand dollars via Bitcoin, but the Quoter Ransomware is reported to ask for over a million dollars that must be paid via a cryptocurrency transfer. So far, no companies have agreed to pay the ludicrous ransom amount, and, thankfully, the RTM gang has not yet published any collected data online.

Cybercrime gangs are always looking to expand their operations by including new payloads and attack methods, and their potential targets must take the necessary measures to keep their networks protected. The RTM Banking Trojan and the Quoter Ransomware attacks are preventable with the use of suitable security software suites, as well as by ensuring that all company employees follow safe Web browsing best practices.
