Maktub Ransomware

Maktub, also known as MaktubLocker and Iron, is a newly observed ransomware tool being sold using a malware-as-a-service model.

It is delivered via smaller-scale spam campaigns containing a malicious attachment. This attachment contains a rich text format document resembling a Terms of Service (ToS) agreement. Unlike most malicious attachments, this document appears to be a legitimate ToS agreement, and is believed to be included as a way to occupy the user while the malware is installing.

Once installed, Maktub checks the keyboard locale list, only proceeding if it does not detect Russian values on the list. Encryption uses the Windows Crypto API and targets all local, network and external drives. Files are also compressed before encryption, possibly to increase the speed of the process.

Maktub Locker has clearly been developed by professionals. The full product’s complexity suggests that it is the work of a team of people with different areas of expertise.

Further technical details here

Affected Platforms

Microsoft Windows – All versions

website1

Image via – bleepingcomputer.com





Leave a Reply