Ebaywall ransomware, a digital revenge against Ebay
This week, the SonicWall Capture Labs Threat Research team has received reports of yet another ransomware with a very obvious purpose, target and even a message that it wants to send across the ditigal landscapes. The author appears to be carrying grudge against Ebay for its seeming lack of value for security and this is his way of digital revenge. A back story is provided which appears to concern Kijiji.ca, an online classified service in Canada and is a subsidiary of Ebay. The ransomware calls itself Ebaywall and is demanding an exorbitant ransom payment amounting to roughly $8.9M to unlock all files. It also encourages victims to send angry phone calls or messages to Ebay.
Infection Cycle:
Upon execution, it creates the file “ebay_was_here” as an infection marker:
It then proceeds to encrypt the victim’s files and appends “.ebay” to all encrypted files.
It also creates the file “ebay-msg.html” and adds it to every directory where files were encrypted.
This file contains the back story which explains the purpose of this ransomware. Unlike other ransomware programs, it does not demand to be paid within a certain time limit.
To ensure that this html file with the message is launched during start up, it also creates a copy of it in the Startup directory.
Ebaywall is asking for a ransomware payment in Monero, another cryptocurrency amounting to XMR 200,000 or roughly $8.95M in the current exchange rate.
Click here to read the entirety of the back story and the author’s message.
Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.
SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:
- GAV: Ebaywall.RSM (Trojan)