Fiddler Ideas

The free web debugging proxy for any browser, system or platform.

Suspected of ransomware through Fiddler

I have 10 computers running freshly installed Windows 7 (SMB 1.0 protocol disabled). Only the ones having Fiddler installed are infected with ransomware (encrypting the files for a BTC ransom with email: drakoshka@yahoo.com).
The first attack happened a few weeks ago and again yesterday. The only external software other than Windows installed on the infected machines is Fiddler.
Please check your environment in any case, you may be infected somehow.

  • ali veli
  • Sep 29 2017
Bug
  • Eric Lawrence commented
    September 29, 2017 17:18

    > "The only external software other than Windows installed on the infected machines is Fiddler"

    You mean, the only external software on the infected machines is "Fiddler, and of course the ransomware itself."

    In the vast, vast majority of cases, ransomware infections originate from web browsers, where malicious advertisements trigger ransomware downloads.

  • ali veli commented
    September 29, 2017 17:59

    @Eric Lawrence: The ransomware just infected the machines with Fiddler installed. That's why I warned you.
    I can't say 100% it comes with Fiddler, but if you're using some external component or installer, keep that in mind.