Welcome 2017 – Marlboro / Spora Ransomware

Marlboro/Spora Ransomware

2017 has just begin and with that a new wave of ransomware has emerged. Two of the extreme cases of new variants have been discovered by researchers, Spora for one is one of the most sophisticated variant, while Marlboro is the epitome of immaturity.

Marlboro Ransomware, encrypts the files and changes the extension to .oops and displays the message

All of your files are encrypted with RSA – 2048 and AES-128 ciphers.
Information about the RSA More and the AES CAN the BE found! Found here:
Decrypting of your files is Possible is only with the private key and decrypt program, which is on our secret server.
To receive your private key you need to make payment to us.
After you make payment, run program called ‘DecryptFiles’ that is located on your Desktop and your Documents.
Program will automatically decrypt all of your files !
If you try to decrypt files with another software your files can be forever lost.
How to buy decrypter? 
1. You can make a payment with BitCoins , there are many methods to get them.
The Bitcoin
2. You Should The register BitCoin wallet (Simplest of online wallet some the OR OTHER Methods of Creating Company wallet).
3. Purchasing Bitcoins – Although it is not yet easy to buy bitcoins, it is getting simpler every day.
Our Recommendations are Here
• Localbitcoms.com (the WU) – the Buy Bitcoins with Western Hotel Union
• Coincafe.com – Recommended for of fast, simple service,.
• Localbitcoms.com – Service allows you to search  for people in your community willing to sell bitcoins to you directly.
CEX.IO • – with the Buy Bitcoins of VISA MASTERCARD or the Transfer-Wire
• btcdirect.eu – the FOR EUROPE THE of BEST
4. of Post Send – 0.2 of BTC to the Bitcoin address: *****
5. you the make of After payment, the run program Called ‘DecryptFiles’ that is located on your Desktop and your  Documents.
Program will automatically decrypt all of your files !

Over here we have to note that the author claims to have implemented RSA and AES ciphers. However, the Ransomware author, had faked this message and was using XOR to encrypt the data and to make the matters worse used BOOST Library to do this task.

For a layman these terms are technical, however from programming point of view, even a skiddie with little bit of intelligence would write the XOR code himself, rather than relying on Boost library for this.

However, when we look into Spora Ransomware, it is quite evident from the first instance that its on the other side of the spectrum. Professionally coded, usage of AES and RSA, with the public keys being encrypted, the dashboard too showing elegance and to make the matters worse, Spora offers the victims immunity from further attacks if their demands are met.

Moreover, in recent weeks, we have observed that Ransomwares are now targeting Database Servers, especially the MongoDB and ElasticSearch Clusters. The criminals have not just realized the importance of these servers but have also found several insecure deployments.

To know more abour Ransomware visit: http://bit.ly/2iKUYFS

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , , , | Leave a comment

Digital Scammers eyeing on “Open Wallets”

Open E-Wallets

In continuation to our earlier blog “Analogy of Digital Wallet”, here is another account on the usage of Digital Wallets.

Are you aware of the recent incident which happened with a student in Hyderabad? He paid Rs. 115 for his meal at a restaurant with the help of his e-wallet. Almost Rs. 10,000 were siphoned off instantly in few transactions after the restaurant staff stole the details. The victim alleged that as soon as he left the restaurant, the money in his account were illegally transferred to an online rummy site. By the time the victim got in touch with the bank’s customer care department, he lost his money to the online bully. On further investigation, it was found that the victim handed over his smartphone to the staff for few seconds to do the payment. (which should not be done under any circumstances, we mentioned as precautionary measures in the previous blog)

As we see, the spurt in fraudulent online transactions in the country with numerous cases being registered regularly after the popularity of e-Wallets struck the citizens. Scammers are exploiting the idea of e-wallets by calling the victims and pretending to be bank representatives. They ask for their credit/debit card details as if they are “upgrading” them for easier cash flow during cash crunch.

The cyber gangs are using various e-wallets to store their stolen cash before transferring to some other account or spending on goodies. The victims are mainly new users who in-spite of being educated fall prey. The method of operation is old, but the excuse of demonetization is a new strategy taken by the scammers to misuse the e-wallet. They convince their target to disclose information like name; card number and even OTP (One Time Password) get the access of the account unlawfully. The scammer deliberately uses the word ‘confirmation code’ and even though the SMS states that the OTP is confidential, yet the victims remain casual in going through the entire message and ends up losing their money.

Ensure security while paying through digital platforms:

Users should ensure that they shouldn’t hand over their devices or cards to unknown people to swipe or conduct any transaction. Phone calls asking for card-details to be avoided. Phishing emails are to be recognized properly.

Ways to secure your cashless transaction:

According to eScan, there are several ways to keep your transactions safe while paying through digital wallets. They are –
• Ensure simple registration process.
• Ensure user or device verification before doing any transaction.
• Ensure proper security of your Mobile Wallet since it protects your money and even the features that save your cards.
• Implement Multi-factor authorization.

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , , , | Leave a comment

Using LetsEncrypt SSL Certificate with Communigate Pro

LetsEncrypt has been creating waves since it started providing SSL Certificates for free and has been applauded by many for this. Researchers and Enthusiasts have been providing support to this project by various means viz. integration of LetsEncrypt with various web-servers, automation of the certificate generation process including the renewal.

It is to be noted that although LetsEncrypt provides SSL for free the validity of the certificate is for only 90 Days. In this blog-post we shall be providing the process to integrating LetsEncrypt Certificate with Communigate Pro.

Communigate Pro is one of the leading email solution provider , however, when we wanted to implement these SSL certificates we couldn’t find any tangible information , which would allow us to do the same.


  • 1: Communigate Pro Web-Console
  • 2: Zero SSL or any of the ACME Clients.
  • 3: OpenSSL



1: Generate the Private Key (Save this key to some place safe.)
Note: LetsEncrypt requires the Key-size to be atleast 2048

Generate Account Private Key

openssl genrsa 4096 > ZeroSSLAccount.key

Print your Private Key

openssl rsa -in ZeroSSLAccount.key –pubout

This Key is to be used as ZeroSSL Account-Key

Communigate Pro

  • Generate Server Private Key

openssl genrsa 4096 > emailDomain.key

  • Create the config file as shown, this file is for multiple domains.
    File Name : extfile.conf

distinguished_name = req_distinguished_name
req_extensions = v3_req

countryName = IN
countryName_default = IN
stateOrProvinceName = Maharashtra
stateOrProvinceName_default = MH
localityName = Mumbai
localityName_default = Mumbai
organizationName = MWTI
organizationName_default = MWTI
organizationalUnitName = IT
organizationalUnitName_default  = IT
commonName = mwti.net
commonName_max  = 64
emailAddress = contact@escanav.com

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

DNS.1 = escanav.com
DNS.2 = mail.escanav.com

  • Generate the CSR

openssl req -new -key emailDomain.key -sha256 -nodes -config extfile.conf -subj “/C=IN/ST=Maharashtra/L=Mumbai/O=MWTI/OU=IT/CN=mwti.net/emailAddress=contact@escanav.com/subjectAltName=DNS.1:escanav.com,DNS.2:mail.escanav.com” -out emailDomain.csr

Note: Use certutil.exe -dump <cert/key/csr> to see/check certificate.

Now that we have generated the Keys for:

  • ZeroSSL
  • Communigate Pro

We logon to Communigate Pro Web-Console and traverse to the following section:

Users –> Domains

We select the configured domain and then traverse to the following section:

Security –> SSL/TLS

Under the Request Client Certificates we choose the following:

PKI Services –> Enabled
Issued by
–> default()

Under the Private Key Section we choose:

Key Size –> Import and then Click on Generate Key button. An additional text-area is displayed with the heading Enter a Custom PEM-encoded Key.

Copy the contents of emailDomain.key, which was generated earlier and paste them in this Text-Area.

Click on Generate Key to submit the private key.

Step 1

Communigate Pro – Private Key Generation

A New section will be presented Certificate Generator, provide the Contact and Click on Create Signing Request. Although this task will generate a CSR, however this cannot be used as a CSR for ZeroSSL, since Communigate Pro used MD5/RSA as the signing algorithm and the requirement is that of SHA256/RSA.

The text-area Certificate Signing Request (CSR) is populated with the MD5/RSA CSR, however we delete the contents in this text-area.

Copy the contents of emailDomain.csr, which was generated earlier and paste them in this Text-Area.

Zero SSL

Browse to https://zerossl.com/ and paste the contents of ZeroSSLAccount.key in the Account Key text-area and contents of emailDomain.csr in the CSR text-area. Select HTTP verification, ZeroSSL TOS and Let’s Encrypt SA and then click on Next.

This is an important step since, you will now be verifying your Domain Name. Make sure that the domain name used is pointing to a web-server in the global DNS Records and is listening on Port 80.

Create the directory structure as mentioned in ZeroSSL



  • While using IIS, use command prompt to create the directory structure in the directory which is hoisting the website. Create the file with the contents as mentioned by ZeroSSL.
  • Open The IIS Manager and traverse to the hoisting site and select Mime-Type and add “.” “text/plain” , otherwise IIS will display an error.
  • After the HTTP verification delete the added Mime-Type
  • Multiple Domains when used during the creation of CSR would result in multiple verification requests.

Step 2

ZeroSSL Challenge Verification Link

Before clicking Next, browse to the location, so as to ensure that the contents of the challenge file are visible. After Clicking Next, the Certificate will be generated and will be made available for download.

Step 3

ZeroSSL Certificate Download

Download and store these files in a safe location.

Convert the domain-crt.txt to PEM format, since this is the format which is accepted by Communigate Pro.

openssl x509 -inform PEM -in domain-crt.txt > domain.pem

Copy the contents of domain.pem and paste them into the Enter a PEM-encoded Certificate text-area box and then click Set Certificate button.

Communigate Pro CSR and CRT Sections

Communigate Pro CSR and CRT Sections

The final screen of the adding LetsEncrypt SSL Certificate shows the details of the certificate including the issuer and its expiry date.

Note: Save the Account Number for quick reference

Communigate Pro - after successfully adding the Certificate

Communigate Pro – after successfully adding the Certificate

Enabling the HTTPS Listner

We logon to Communigate Pro Web-Console and traverse to the following section:

Settings –> Services –> HTTPU –> Init SSL/TLS –> On

Communigate Pro - Enabling HTTPS Listener

Communigate Pro – Enabling HTTPS Listener

Verifying the Certificates

Certificate - Validated

Certificate – Validated



  • Authors : DeepakS and SachinR
Posted in eScan 11 | Tagged , , , , | Leave a comment

Analogy of Digital Wallets

digital wallet

E-Wallets or digital wallets are there in India since the last decade, but demonetization scenario has dragged them into limelight. Here is a brief account on digital wallets, their functionality, selection process and safety measures.

An e-wallet is a digital form of your physical wallet. Just as your physical wallet stores cash, an e-wallet contains virtual cash. It is just an app installed on your smartphone to store funds digitally.

Several e-wallet players in India include banks (8%), telecom companies (45%) and third party providers (47%) like Paytm, Oxigen, Mobikwik, Oxicash, itzcash etc. The digital wallet market has grown significantly in the last five years. It is still growing at 40% annually. It is expected to clock a turnover of Rs. 700 billion by 2022. This year, due to demonetization, some leading players like Paytm are witnessing almost five million transactions per week. More than 60% of transactions like money transfers and recharges are now done through digital wallets.

Physical wallets are portable but they can store a limited amount of cash. In addition, physical wallets lead to concerns like theft, loss, soiling of notes etc. Even though digital payments like NEFT and ECS have grown faster, users find it uncomfortable to use these modes, as they require verification of user details each time. E-wallets resolve these concerns. They gained popularity because they are convenient and easily accessible through your smartphone. Users now prefer to make payments through mobile wallets, since it is virtually a single-click payment. It makes the overall transaction complete faster. In addition, installing an e-wallet on your smartphone as a mobile app is hassle-free.

Digital wallet companies have developed numerous strategic partnerships across categories to offer seamless transactions. Anyone can pay utility bills, book travel tickets, movie tickets or hotel rooms with the help of e-wallets. E-Wallets have created a system where payments happen seamlessly.

eScan suggests you the steps you can follow to use your digital wallet successfully:
1. Users can download a mobile app from the authentic online store (iTUnes/ Google Play Store).
2. Users can load money in the digital wallet via debit/ credit card, net banking etc. Normally there are no charges to transfer the funds into the wallet.
3. While doing the actual payment, the users need to choose `e-Wallet’ from the list of payment options given.
4. There are few partner apps that are associated to the e-wallet. The transactions can be completed even if a user has not downloaded the mobile wallet app. Just for example, Uber has tied up with Paytm, Ola has the Ola Money app etc.

All e-wallets are different from each other. Normally the options for loading money or restrictions on stored cash are similar in the entire category; the only difference lies in the number of partnerships any e-Wallet firm has. In order to use effectively, you can choose your e-wallet that has partnerships with merchants with whom you do transactions frequently. The reason of choosing similar e-wallets is that the money lying in an e-wallet without any transactions is useless. In addition, transfer of funds to your bank account has 1% charge (it has been waived off by several firms until December 31). Frequent transactions in digital wallet can also give you cash-back offers or loyalty points.

As far as security is concerned, e-Wallets are preferred to that of internet banking. According to eScan, you risk is limited with the money loaded in your digital wallet. The providers have to follow stringent security measures while making the services usable.

Although e-wallets have a safe mechanism for storing your valuable money, still you need to take some basic precautionary measures:
1) Never disclose/ write your e-wallet login details anywhere
2) To do any e-Wallet transaction, never hand over your smart phone to strangers like restaurant staff, supermarket attendant, mall employee, fuel station staff etc.
3) Ensure that you have installed a reputed mobile antivirus and regularly scan your smartphone for the presence of any suspicious app or detect and mitigate any suspicious activity.

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , , , , , , , , | Leave a comment