Security experts say the Erebus ransomware abuses Event Viewer to bypass User Account Control (UAC), so users are not prompted to allow the program to run with higher privileges. In addition, Erebus copies itself to a randomly named file and modifies the Windows registry to hijack the association for the .msc file extension.
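One way to detect the .msc hijack described above, as an added example that is not from the original report. It assumes the override lands in the per-user handler key `HKCU\Software\Classes\mscfile\shell\open\command` (the report names only the .msc extension) and that registry-set events are collected with Sysmon-style `TargetObject`, `Details` and `Image` fields; the sample events and the function name are constructed for illustration.

```python
import re

# Per-user override of the .msc handler (assumed key, see lead-in). Sysmon shows
# HKCU\Software\Classes as HKU\<SID>\Software\Classes or as HKU\<SID>_Classes.
MSC_HANDLER = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+(?:_Classes|\\Software\\Classes)"
    r"\\mscfile\\shell\\open\\command(?:\\\(Default\))?$",
    re.IGNORECASE,
)
# Handler command registered machine-wide on a stock Windows install.
STOCK_HANDLER = re.compile(
    r'^(?:%SystemRoot%|C:\\Windows)\\system32\\mmc\.exe "%1" %\*$',
    re.IGNORECASE,
)

def find_msc_hijacks(events):
    """Return registry-set events that redirect .msc files for one user."""
    hits = []
    for ev in events:
        if not MSC_HANDLER.match(ev["TargetObject"]):
            continue  # not the per-user .msc handler key
        if STOCK_HANDLER.match(ev["Details"].strip()):
            continue  # override still launches mmc.exe unchanged
        hits.append(ev)
    return hits

SID = "S-1-5-21-1111-2222-3333-1001"  # constructed SID
# Constructed sample events, simplified from Sysmon Event ID 13 records.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "TargetObject": "HKU\\" + SID + r"\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\Updater",
     "Details": r"C:\Program Files\Updater\updater.exe"},
    {"Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": "HKU\\" + SID
                     + r"_Classes\mscfile\shell\open\command\(Default)",
     "Details": r"C:\Users\alice\AppData\Roaming\qzxwv.exe"},
    {"Image": r"C:\Windows\regedit.exe",
     "TargetObject": "HKU\\" + SID
                     + r"\Software\Classes\mscfile\shell\open\command",
     "Details": r'%SystemRoot%\system32\mmc.exe "%1" %*'},
    {"Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\mscfile\shell\open\command",
     "Details": r"C:\Tools\console.exe"},
]

if __name__ == "__main__":
    for hit in find_msc_hijacks(SAMPLE_EVENTS):
        print("ALERT:", hit["Image"], "->", hit["Details"])
```

Only the second sample event is reported: the HKLM write needs administrator rights already, and the third keeps the stock `mmc.exe` command.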
Once Erebus has encrypted files with the 60 targeted extensions, a ransom note appears on the desktop; when the victim clicks “recovery file”, the page jumps to the Erebus Tor payment site. The ransom demanded by Erebus has soared to $29,075 (10 bitcoins) from $90 (0.085 bitcoin) in February, with a recent price of $15,165 (5.4 bitcoins).
At present, the South Korea Internet Security Bureau and the national security agencies have launched a joint investigation with the police. Nayana said it will actively cooperate in order to regain control of its servers as soon as possible.