Under Review
Last Updated: 29 Sep 2017 18:00 by Ali
Ali
Created on: 29 Sep 2017 04:59
Type: Feature Request
Suspected of ransomware through Fiddler
I have 10 computers running freshly installed Windows 7 (SMB 1.0 protocol disabled). Only the ones having Fiddler installed are infected with ransomware (encrypting the files for a BTC ransom with email: drakoshka@yahoo.com).
The first attack happened a few weeks ago, and it happened again yesterday. The only external software other than Windows installed on the infected machines is Fiddler.
Please check your environment in any case, you may be infected somehow.
2 comments
Imported User
Posted on: 29 Sep 2017 05:00
@Eric Lawrence: The ransomware just infected the machines with Fiddler installed. That's why I warned you.
I can't say 100% it comes with Fiddler, but if you're using some external component or installer, keep that in mind.
Eric
Posted on: 29 Sep 2017 05:00
> "The only external software other than Windows installed on the infected machines is Fiddler"

You mean, the only external software on the infected machines is "Fiddler, and of course the ransomware itself."

In the vast, vast majority of cases, ransomware infections originate from web browsers, where malicious advertisements trigger ransomware downloads.