
Urausy Ransomware - Middle-East under attack



Urausy is now targeting the Middle East, with cashU as the payment system.
It seems that Reveton could disappear, as almost the only distributor (/world/ Cool EK) has switched to Urausy since 2013-04-04 (after a few days of a Reveton stealing the Urausy design).
<edit 2013-04-08> Reveton back on Cool EK /World/ </edit>
I've seen Urausy pushed in almost all known exploit kits: Sibhost (as I explained, the C&C architecture of Urausy is shared with this exploit kit), Cool EK, Sweet Orange, RedDot v2, Blackhole, Neutrino... It's everywhere.

Here are the Middle East designs I was able to gather...

United Arab Emirates
Urausy AE 2013-04
(second one after Ransom.EY)

Lebanon
Urausy LB 2013-04
First in that country

Palestinian Territory
Urausy PS 2013-04


Saudi Arabia
Urausy SA 2013-04
First in that country

I will update this post if other Middle-East designs are found.

C&C Redirectors right now :
otcdj.net - 5.133.179.179
pqfmp.com - 91.221.99.26

Files :
Urausy_from_CoolEK_2013-04-06.zip (OwnCloud via Goo.gl)
containing
6bb3f80a10a26cb6b9f7e33fc006f9a0
caf63b1aa24e4fdf9ece76593f27d3ca 
abfe5dd5511535380c57e7ccacaa9454


Read More :
Urausy page on Botnets.fr
Don’t Pay Up – How To Beat Ransomware! - 2013-04-05 - MakeUseOf - Guy McDowell
Urausy: Colorfull design refresh (+HR) & EC3 Logo 2013-02-09 (+ edits)
Urausy has big plan for Europe - Targeting 3 new countries among which Norway 2012-09-22
Urausy improving its localization - A (the?) Gaelic Ransomware with Interpol impersonation as default landing 2012-09-13
