FTCODE Ransomware steals credentials and passwords


A ransomware strain named FTCODE, which has been prevalent since 2013, has now been reintroduced by hackers with some new features and tools. Security experts claim that this file-encrypting malware is now capable of stealing passwords and other credentials stored in web browsers and email clients, which can put targeted victims in serious trouble.

 


Almost 7 years ago, this ransomware first emerged by infecting some computers in Russia. It is now seen spreading to western countries, having already targeted victims in Paris, Italy and some parts of the UK.

 

According to an analysis by Zscaler ThreatLabZ, researchers have found that FTCODE has the ability to steal passwords from popular browsers such as Firefox, Chrome and Explorer, and from Microsoft Outlook.

 

How many victims have been hit by the ransomware is not yet known, but the evolution of FTCODE from purely file-encrypting malware to password-stealing malicious software is confirmed.

 

Note 1: Sophos was the first cybersecurity firm to spot FTCODE, in 2013, and added in its discovery report that the ransomware strain uses PowerShell to help develop crypto-locking malware.

 

Note 2: Until now, we have seen hackers first steal a portion of data from the encrypted database in order to sell that stolen information later if their ransom negotiations with victims fail. Now, the developers of the ransomware seem to have evolved further by stealing password credentials from the browsers installed on the infected device.