24H Ransomware

Posted: July 9, 2018

The 24H Ransomware is a file-locker Trojan that blocks its victims' files and creates messages demanding Bitcoin payments for unblocking them. Media such as documents, pictures, movies, audio, and archives are in particular danger of being blocked, and the encoding process may not be reversible. Users should protect their PCs with anti-malware products that can uninstall the 24H Ransomware by default, and keep their files safe by saving backups to other, secure devices.

The Magic Number for Getting Shaken Down over Files

A file-locking Trojan with a custom payload is starting attacks against random PC users; at this time, the only verifiable victims are in the central African nation of Zambia. The Trojan, the 24H Ransomware, operates almost identically to families like Hidden Tear, encrypting and withholding the users' files until they pay the ransom demanded in its text messages. Due to the campaign's limited footprint and sample distribution, malware experts have yet to link the 24H Ransomware to Ransomware-as-a-Service businesses, open-source projects, or other resources that threat actors exploit for developing similar Trojans.

Encryption methods that the 24H Ransomware may use include AES-256, RSA, and XOR, among others, any of which can lock files of different formats and keep them from opening in their associated applications indefinitely. The 24H Ransomware injects '.24H' extensions into each file that it blocks and may target the contents of locations like the desktop or the Downloads directory, as well as Word documents, JPG pictures, and similar media. The Trojan could also delete any local backup content, such as the Shadow Copies that Windows uses in its System Restore points, to stop the victims from recovering their files.
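For scoping a restore from backup, the added example below (not code from the original article or from any vendor) walks a directory tree and counts files carrying the '.24H' extension per folder and per guessed original type. The function names and the sample tree are constructed for illustration, and it assumes the marker is appended after the original extension, reporting 'unknown' when it is not.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".24h"  # extension reported on this page, compared case-insensitively

def find_locked_files(root):
    """Return sorted paths under root whose final extension is the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() == MARKER:
                hits.append(Path(dirpath) / name)
    return sorted(hits)

def original_type(path):
    """Guess the pre-lock type from the name left once the marker is removed.

    Assumption: the marker is appended (report.docx.24H). If it replaced the
    original extension instead, nothing is left to read and 'unknown' results.
    """
    inner = Path(Path(path).stem).suffix.lower()
    return inner or "unknown"

def summarize(root):
    """Count marked files per directory and per guessed original type."""
    hits = find_locked_files(root)
    by_dir = Counter(str(p.parent.relative_to(root)) for p in hits)
    by_type = Counter(original_type(p) for p in hits)
    return {"total": len(hits), "by_dir": dict(by_dir), "by_type": dict(by_type)}

def build_sample_tree(root):
    """Create a constructed sample tree of empty files for demonstration."""
    names = ["Desktop/report.docx.24H", "Desktop/photo.jpg.24h",
             "Downloads/archive.24H", "Downloads/notes.txt",
             "Documents/budget.xlsx"]
    for rel in names:
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(tmp))
```

The per-directory counts show which folders need restoring, and the per-type counts show which backup sets to pull first.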

Along with a custom extension, malware experts are also confirming the 24H Ransomware's use of a text message whose contents are unique to its campaign. However, the transaction method that the Trojan uses is typical of most file-locker Trojans: it asks for Bitcoins (in this case, 0.24) that the victim sends to the criminal's wallet, and gives an e-mail address and ID for managing the transfer of the purchased file-unlocking software. The decryption programs 'purchased' this way aren't always compatible with the user's files, however, and some threat actors bluff about the availability of a solution.

Doing the Math on Bad File Security

While a fraction of a Bitcoin may seem a small ransom, it converts, at current rates, to over one thousand USD. Ransoms this expensive often target corporate or other for-profit entities, although they may also appear in Trojan campaigns seeking random victims. Many of the infection strategies distributing threats like the 24H Ransomware involve e-mail attachments, corrupted PDF or Word documents, and brute-force attacks that break fragile name-password combinations.

Malware researchers are unable to confirm whether the 24H Ransomware's encryption method is breakable by third-party utilities. Since implementing an unbreakable file-locking feature is a relatively simple programming task that doesn't increase the program's footprint to any significant degree, users wanting protection for their files should back up all of their work to other devices. Removable, peripheral storage and cloud services are two optimal solutions. Various anti-malware products should also delete the 24H Ransomware without giving it the chance to attack your media.

Nations like Russia, Germany, and the United States are the usual victims of file-locker Trojans' campaigns. The 24H Ransomware is a 'warning shot' to remind residents of all nations that nowhere is a haven from these threats, as long as your files have any monetary value to you.