Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

In January, Trend Micro researchers encountered a new ransomware using .hello as its extension in one of our cases that possibly arrived via a SharePoint server vulnerability. This appeared to be a new ransomware family dubbed as the Hello ransomware (aka WickrMe), named after the chat application that was used to contact the cybercriminals responsible.

Previous variants were observed using .hemming and .strike extensions and did not include the cybercriminals’ WickrMe user handles. In contrast, newer versions of the ransom notes with .hello extensions now have the WickrMe contact information.

Read more…
Source: Trend Micro