
8chan Ransomware

Posted: May 1, 2018

The 8chan Ransomware is a Trojan that locks your media by encrypting it with an algorithm, such as AES-256. This Trojan also creates ransoming messages asking you to contact an e-mail address for buying the threat actor's unlocking solution. Victims of these attacks should recover their data by free methods, such as backups, and have a proven anti-malware application uninstall the 8chan Ransomware immediately.

The Infinity of Free E-mail Services Enabling Extortion

While the average Web surfer is most likely to associate the term '8chan' with the image-based messaging forum, some threat actors have recently taken to using it with free e-mail services for managing harmful activities. New variants of a file-locking threat commit non-consensual encryption attacks against the data on infected PCs before redirecting the users to these so-called '8chan' e-mail addresses. However, the chosen name is arbitrary, and malware analysts can verify that the 8chan Ransomware campaign has no tangible links to the image board whose name it borrows.

Although there are multiple variants of the 8chan Ransomware, all versions run a hidden encryption process that tries to lock the PC's local media, such as documents or pictures, that isn't essential to the Windows operating system. In addition to making these files unopenable, the 8chan Ransomware also replaces their names with semi-random characters and appends one of several '8chan.co' e-mail addresses. As usual, the locked media will not open until after being decrypted and restored to their previous formats.
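The renaming described above leaves a marker that can be used to scope the damage before restoring from backup. The following Python sketch is an added example, not code from the original article or from any vendor: it walks a directory tree and lists files whose names carry an '8chan.co' address. It assumes the address appears somewhere in the renamed file's name; the bracketed name layout and the `example` address in the sample data are constructed, since the article gives only the domain.

```python
import os
import re
import tempfile
from collections import Counter

# Assumption: the contact address sits somewhere in the renamed file's name.
# The lookahead keeps look-alike domains such as 8chan.com from matching.
MARKER = re.compile(r"[A-Za-z0-9._%+-]+@8chan\.co(?![A-Za-z0-9-])", re.IGNORECASE)

def find_marked_files(root):
    """Walk root and return (path, address) for each file name carrying the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = MARKER.search(name)
            if m:
                hits.append((os.path.join(dirpath, name), m.group(0).lower()))
    return sorted(hits)

def summarize(hits):
    """Count hits per contact address and per directory."""
    by_address = Counter(addr for _path, addr in hits)
    by_dir = Counter(os.path.dirname(path) for path, _addr in hits)
    return by_address, by_dir

def build_sample_tree(root):
    """Constructed sample data: empty files, made-up names, made-up address.
    Brackets separate the random part from the address; without a separator
    the captured local part would also include the preceding characters."""
    names = {
        "docs": ["k3Jq9xZ[example@8chan.co]", "report.docx",
                 "Tz81LmQ[EXAMPLE@8chan.co]"],
        "pics": ["aa02Pq[example@8chan.co]", "notes-from-user@8chan.com.txt"],
    }
    for sub, files in names.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for f in files:
            open(os.path.join(root, sub, f), "w").close()

def demo():
    """Run the scan over the constructed tree and return the summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = find_marked_files(root)
        by_address, by_dir = summarize(hits)
        return len(hits), dict(by_address), sorted(os.path.basename(d) for d in by_dir)

if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which folders need restoring, and the per-address counts show which of the several contact addresses a given infection used.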

All the versions of the 8chan Ransomware available to malware experts for analysis include one other feature of note: generating a Notepad file that contains the threat actor's demands for his decryption help. The 8chan Ransomware's message gives the user a customized identification string and one of several e-mail addresses matching the ones it inserts into the names of the blocked media. At this time, there isn't any data available on the cost of the decryptor or the currency for the transaction, but most con artists operating file-locking Trojans' campaigns also utilize non-refundable methods, such as Bitcoins.

Making '8Chan' Mean Web Forums Again

While uploads of the 8chan Ransomware are available on centralized threat databases for analysis by any interested parties, malware experts have yet to determine the infection or deployment strategies its campaign is using. The con artists could be introducing the 8chan Ransomware to new computers via manual installations after gaining Remote Desktop-based access, abusing e-mail attachments, bundling the Trojan with torrents or using browser-exploiting threats like the Nebula Exploit Kit. Limiting RDP settings, scanning downloads before launching them, patching your software, and disabling scripts are some of the most fundamental means of protecting your computer from these attacks.

Any victims of the 8chan Ransomware infections should, if possible, ignore the ransoming demands when retrieving their encrypted files. Many con artists accept their payments without giving a good-faith return of services back to those whom they attack, and free decryptors are occasionally compatible with file-locker Trojans. Besides backing up their work beforehand, PC users should trust their anti-malware programs for deleting the 8chan Ransomware, which uses memory injection and other techniques for concealing its presence.

Although e-mail is an all-but-essential service for virtually anyone living in the modern world, it also is exploitable. The con artists will continue launching campaigns like the 8chan Ransomware's one, as long as companies are giving them a free table for negotiating ransoms.
