The flow of transactions starts with the bitcoin wallets listed on the ransom notes, passes through intermediate wallets and then arrives at a final wallet associated with Excoino, an Iranian cryptocurrency exchange. This Iranian entity provides secure cryptocurrency transaction services intended only for Iranian citizens, and it requires a valid Iranian phone number and national identification code.
The attackers went so far as to create a website to publish the data of victims who chose not to give in to the double-extortion attack. Three Israeli companies are listed among the victims who did not pay.
Malware installation can be avoided by following these recommendations:
- Programs and files must be downloaded from trusted official pages, using direct download links.
- Installed programs must be updated and activated (if necessary) only with the tools and/or functions provided by their official developers.
- Unofficial third-party update and activation tools should never be used; they are frequently designed to install malware.
- It is not legal to activate licensed programs with cracking tools or to use installers for pirated software.
- Attachments and website links in irrelevant emails sent by suspicious people or unknown addresses should not be opened; recipients who open them commonly trigger a malware installation. It is worth mentioning that these emails are designed to look legitimate and important.
The ransom demanded is seven to nine bitcoins, roughly equivalent to $110 to $140.