
A3C9N Ransomware

Posted: September 10, 2020

The A3C9N Ransomware is a file-locking Trojan that's part of a family of Trojans named Snatch Ransomware. The Trojan locks most media on Windows computers to hold it hostage, after which it sells a ransom-based unlocking service. Users should always protect any valuable files with backups and have compatible anti-malware tools active for safely deleting the A3C9N Ransomware.

A Snatcher of Money and Files on the Side

Ransomware-as-a-Service offerings, in-house Trojan-creating kits, and 'freeware' like Hidden Tear are all responsible for the availability of file-locking Trojan software within the threat landscape. The deployment methods for each source may change, but the SOP generally doesn't, as the Snatch Ransomware family continues proving. A new member of this group, the A3C9N Ransomware, has little that's new in store for any victims, but no compelling reasons for changing its model for doing 'business.'

The A3C9N Ransomware's family sometimes receives attention due to minor quirks, such as its favored methods of compromising corporate networks, its tendency towards leaking collected data, and its latest feature of restarting PCs in Safe Mode. The last of these functions blocks most software at the time of the Trojan's operation, which lets the A3C9N Ransomware and similar variants encrypt data without interruptions. The infection methods usually involve attackers cracking logins with brute-force or using lures, such as e-mail attachments.

The A3C9N Ransomware deletes local backups while also encrypting any vulnerable media, such as documents and databases on infected devices (generally, Windows servers). The random string in its name, which it appends as extensions, makes for the only difference most users would see from any other family member, such as the Cndqmi Ransomware, the Fxmwtv Ransomware, the Jdokao Ransomware or the Mcauwpjib Ransomware. This file-locking feature is the core of any file-locker Trojan's campaign. The Snatch Ransomware family also threatens to leak businesses' data to publicly-viewable websites, on top of that attack.
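The appended-extension behavior described above gives defenders a simple triage signal: many files of different types suddenly sharing one unfamiliar trailing extension. The following is an added example, not code from this page or from any vendor; the file paths are constructed sample data, the lowercase form of the extension, the extension lists and the thresholds are assumptions, and find_appended_extensions is a hypothetical helper name.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Original file types worth tracking (assumed list; extend for your environment).
DATA_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "sql", "mdf", "jpg", "txt"}
# Trailing extensions that legitimately follow another one (assumed list).
KNOWN_OUTER = {"gz", "bz2", "xz", "bak", "tmp", "old"}

# Constructed sample listing, e.g. from a file-server inventory export.
SAMPLE = [
    r"D:\share\finance\q3.xlsx.a3c9n",
    r"D:\share\finance\invoice.pdf.a3c9n",
    r"D:\share\hr\contract.docx.a3c9n",
    r"D:\db\crm.mdf.a3c9n",
    r"D:\db\dump.sql.a3c9n",
    r"D:\db\nightly.sql.gz",        # normal compressed dump
    r"D:\share\notes.final.docx",   # dotted name, not an appended extension
    r"D:\share\readme.txt",
]

def find_appended_extensions(paths, min_files=5, min_inner_types=3):
    """Return {extension: [paths]} for trailing extensions appended to
    many files whose original types differ (name.docx.<ext>, name.sql.<ext>)."""
    by_outer = defaultdict(list)
    for p in paths:
        suffixes = PureWindowsPath(p).suffixes   # ['.docx', '.a3c9n']
        if len(suffixes) < 2:
            continue                             # single extension only
        inner = suffixes[-2][1:].lower()
        outer = suffixes[-1][1:].lower()
        if inner not in DATA_EXTS or outer in KNOWN_OUTER | DATA_EXTS:
            continue                             # ordinary double extension
        by_outer[outer].append((inner, p))
    hits = {}
    for outer, items in by_outer.items():
        inner_types = {inner for inner, _ in items}
        # One unknown extension spread across several file types is the signal.
        if len(items) >= min_files and len(inner_types) >= min_inner_types:
            hits[outer] = sorted(p for _, p in items)
    return hits

if __name__ == "__main__":
    for ext, files in find_appended_extensions(SAMPLE).items():
        print(f".{ext}: {len(files)} files affected")
```

Because every Snatch Ransomware variant uses a different random string, the check keys on the pattern rather than on a fixed extension list.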

Guaranteeing Good Luck Versus Randomly-Generated Trojans

File-locking Trojans that are part of Snatch Ransomware's family may attack networks after employees open fake invoices or other e-mail-attached documents. Updating word processing software and turning off macros will take out many vulnerabilities that help drive-by-download attacks. Users can also scan e-mail attachments for possible threats and use strong passwords that resist brute-force tools.

Without a backup, most victims will have no recovery options besides the high-risk gamble of a ransom that depends on a criminal's generosity. The absence of an up-front ransom amount also suggests potentially-high expenses for any takers; the encrypted contents of a small business's servers may 'sell' for thousands to tens of thousands of dollars. Backing up files to other devices will offer hope of recovery for any documents and other media without bringing ransoms into the equation.

Malware experts rarely see file-locking Trojans with any dedicated anti-detection features of significance, which also applies to the Snatch Ransomware family. Anti-malware applications from reliable sources should eliminate A3C9N Ransomware infections by default.

Almost any novice programmer can create secure encryption routines, and even inexperienced threat actors may hire Trojans that wield the same feature against the public. Anyone on a Windows computer should remember that fact and compensate for the existence of threats like the A3C9N Ransomware, particularly in their backup schedules.
