Bleeping Computer reports on the discovery of yet another ransomware strain that encrypts users' files and, rather than requesting bitcoin payment, redirects users to an online payment portal where the ransom may be paid via credit card:
The ransomware is not under active distribution and appears to be still under development. First samples were spotted by security researcher MalwareHunter going back to January 15.
The ransomware identifies itself as MindLost, but Microsoft detects it as Paggalangrypt.
The biggest clue that MindLost is still under development is that this filter is not active yet. Searching and encrypting files on all the storage mediums is time consuming, so current MindLost samples bypass this behavior and only encrypt files in the “C:\\Users” folder. Stable versions will likely not feature this filter.
It is abnormal to see a development sample out in the wild like this, but not unprecedented. Analyzing it now will allow signatures to be written to detect the current variant, but a future distribution will likely be altered enough to be undetectable.