Variants of the Moneypack ransomware have been observed by Trend Micro security researchers. The malware encrypts files and asks the victim to pay online to have their files recovered. The attack is targeting users in Turkey and Hungary.
Cybercriminals spread the malware by sending an email that prompts the recipient to download an executable file. The file is a Trojan that encrypts sensitive data and instructs the user to make an online transaction in order to recover it.
When the ransomware executes on the system, it sends a request to the C&C server for a unique RSA public key. Next, it encrypts files matching the attacker's criteria with the AES algorithm, which is impossible to crack. If the victim has the private key, he will be able to decrypt and recover his files. The problem is not only that the files are encrypted: the victim has only three days to pay for the decryption password, or the files will not be repaired.
Trend Micro advises the following: "We advise users to exercise caution when opening all emails. Since the files cannot be decrypted (aside from perhaps paying the fee), it's also good practice to constantly back up files in case of instances such as this one."