I don't see worm-like behavior from the description. It looks like ordinary malware that has to be run by the user.
Blackshades ransomware targets US, Russians, teases researchers https://threatpost.com/blackshades-ransomware-targets-us-russians-teases-researchers
Free Decrypter Available for Terribly Coded BadBlock Ransomware http://news.softpedia.com/news/free...rribly-coded-badblock-ransomware-504854.shtml
"Companies Are Stockpiling Bitcoin to Pay Off Cybercriminals" https://www.technologyreview.com/s/...tockpiling-bitcoin-to-pay-off-cybercriminals/
RansomWeb Attacks Are Five Times More Common in 2016. RansomWeb attacks detected for the first time in 2015: These Web-based ransomware attacks, hence the term RansomWeb, were first seen in January 2015, when High-Tech Bridge was called in to investigate a locked-down phpBB forum. Since then, the company is saying that the numbers have grown tremendously, and crooks are using all sorts of vulnerabilities to break into websites and carry out such attacks. High-Tech Bridge says that, in most cases, the hackers' favorite entry point is an SQL injection. These are severe vulnerabilities because attackers can quickly escalate their access from an SQL database and get control of the whole server. 60% of all websites contain a vulnerability: As part of a general overview of Web application security, which the company is presenting at this year's Infosecurity Europe 2016 conference, High-Tech Bridge also says that, overall, Web attacks are becoming more sophisticated, and criminals are combining different vectors to ensure they reach their desired goals. High-Tech Bridge adds that three in five websites or APIs contain at least one security flaw, and if a service has an XSS vulnerability, in 35 percent of cases, it also hides multiple others as well. Ref.: http://news.softpedia.com/news/ransomweb-attacks-are-five-times-more-common-in-2016-505029.shtml
Simple Encryption Algorithm Allows Decryption of Crypt38 Ransomware http://news.softpedia.com/news/simp...decryption-of-crypt38-ransomware-505387.shtml
"One of the nastiest types of ransomware has just come back to life And there's a new version of the CryptXXX malware to worry about too. ......instances of Locky malware - one of the most prolific forms of malicious software - have bounced back following what had been a huge decline in activity. ...a new, more highly evolved and more effective version of the CryptXXX family of ransomware has been discovered - and cybersecurity researchers say it's only going to become and more dangerous......... CryptXXX is a particularly nasty form of ransomware which not only encrypts files on the infected PC, but also also attacks any files on connected storage devices, steals cryptocurrency wallet funds stored on your system and may also send sensitive data to cyberattackers, putting victims at further risk of hacking. Previously, victims were able to exploit a loophole which enabled them to deploy free decryption tools in order to unlock devices infected by CryptXXX, but now the malware has essentially been patched to ensure that isn't the case........" http://www.zdnet.com/article/one-of-the-nastiest-types-of-ransomware-has-just-come-back-to-life/
Questions: With this ransomware that encrypts the MBR, would I be able to boot up with a boot disc? Or with something like HitMan Pro Kickstart? (I understand that my existing files would still be encrypted.) Or would the encrypted MBR prevent me from booting from a disc? Would I be able to reinstall Windows from a Windows Installation Disc? Could a new boot or MBR firmware be installed along with a new hard drive? Or would my PC simply be toast if I refused to pay the ransom?
What I don't get is why malware writers want to make a PC unbootable. Why make it hard for people to pay?
Free Decrypter Available for Download for MIRCOP Ransomware http://news.softpedia.com/news/free...r-download-for-mircop-ransomware-505976.shtml
CryptXXX Ransomware Mutates Again, Features Non-Working Decrypter http://news.softpedia.com/news/cryp...n-features-non-working-decrypter-506121.shtml
Thousands of Websites Compromised to Spread CryptXXX Ransomware http://www.securityweek.com/thousands-websites-compromised-spread-cryptxxx-ransomware