
0day0 Ransomware

Posted: May 6, 2020

The 0day0 Ransomware is a file-locker Trojan from the Dharma Ransomware family, a Ransomware-as-a-Service. The 0day0 Ransomware keeps files of prominent media formats from opening by encrypting them and solicits ransoms from victims through pop-ups and text notes. Users can always protect their media with appropriate backups and allow anti-malware products to delete the 0day0 Ransomware on sight.

What Day Zero Means for Your Files

The Crysis Ransomware, one of the oldest and most wide-ranging file-locker Trojan families, remains active in its 'aged years' as of 2020. New variants, mostly from the Dharma Ransomware sub-group, appear frequently in the threat landscape, using tricks such as Exploit Kits or phishing e-mail tactics to compromise users' PCs. The 0day0 Ransomware is the latest case in point, after a long and storied lineage of Trojans like the Group Ransomware, the ROGER Ransomware, the YKUP Ransomware, and the older Bizer Ransomware.

The 0day0 Ransomware is a Windows program whose executable imitates the name of an OS component (surprisingly, 'winhost32' instead of the more common 'svchost') to hide itself. The 0day0 Ransomware, a program under a megabyte in size, is otherwise in line with similar versions of the Crysis or the Dharma Ransomware: it uses AES encryption to convert files into non-opening ones, tags them with its name as an extra extension, and deletes the Restore Point and the Shadow Volume Copies. These attacks keep users from opening most media on their computers while the Trojan solicits its ransom.

The 0day0 Ransomware's ransom message is a barely altered pop-up and text file that uses the usual template of its Ransomware-as-a-Service family. The threat actor gives an e-mail address for negotiating but few other details, such as the cost of the decryptor. Paying is generally a risky way of recovering data, and malware experts discourage it except as an extreme, last resort.

Getting through a Trojanized Day

With Windows backups erased through the 0day0 Ransomware's CMD commands, victims have the best chance of recovering their documents, pictures, and other media via non-local backup services or devices. Cloud services and removable drives are particularly helpful in this regard. Although the 0day0 Ransomware is a 32-bit Windows program, file-locking Trojans of other lineages are active in Linux and macOS environments as well.

Workers in business network environments are at risk of 0day0 Ransomware infections through two primary means: e-mail-based attacks and brute-force ones. Users with appropriately stringent passwords make brute-forcing an untenable strategy. Meanwhile, e-mail-attached documents should always receive an appropriate scan from security software, and users should be careful about enabling macros or advanced content in them.

All users also can keep themselves safe through updated anti-malware services that will delete the 0day0 Ransomware before it launches any attacks, encryption-related or otherwise.

As a money-making enterprise, the 0day0 Ransomware and its family depend on their revenue as much as any above-board business does. Putting an end to their encryption sprees requires victims to refuse to pay the ransoms, even if valuable work data is sacrificed as a result.
