Ebaywall – ransomware born out of anger against eBay

In the first week of August the Capture Labs Threat Research team at SonicWall has reported another ransomware breed that holds apparent grudge against eBay.

The ransomware is self-titled  Ebaywall and is demanding a ransom payment in Monero (crypto currency) amounting to XMR 200,000 or roughly $8.95M.

A back story is provided in a file on each infected computer which appears to refer to kijiji.ca, an online classified service in Canada, a subsidiary of eBay International AG.

Its author expresses his grudge against eBay for blatant disregard for security to protect its 5 million members and disinterest in investing into bolstered security measures.

In his manifesto, he is making it sound that eBay is to blame for everyone infected with eBayWall. However, it is unclear how eBay is going to respond to the cyber criminal’s claims.

Upon execution, this ransomware creates the file “ebay_was_here” as an infection marker.

 

As with other iterations of ransomware, their omnipresent threat and the prevalence these types of attacks, constant vigilance,  multi-layer, hybrid data backup strategy and business continuity planning are strongly recommended to prevent permanent data loss. This approach is far less taxing than trying to figure out ways how to decrypt files corrupted by ransomware, recover invaluable datta and remove remove residual effects caused by malware.