New: Chuingam/Xwin Ransomware

Chuingam, also called Xwin, is a new ransomware that is distributed via email containing a file attachment about "payment transfers." The file has a .cmd extension and is actually just an executable, so when the victim opens the file they get an error window and the malware starts downloading itself onto the computer.

In order to evade detection, Chuingam waits until the computer goes into sleep mode to archive the victim's files and add a password. Unlike many other ransomware variants, there is no actual encryption going on. After this is done, it shows the victim a ransom note, asking for 300 Euros to "decrypt" the files.

ThreatSTOP customers are protected against Chuingam.