
AgeLocker Ransomware

Posted: July 14, 2020

The AgeLocker Ransomware is a file-locking Trojan that currently has variants for macOS and Linux. It encrypts the user's data files with age, a free, open-source encryption tool, and leaves no ransom note on the infected system; instead, the attacker delivers the ransom demand by e-mail. Users can still protect their data with well-maintained backups, and they should let professional anti-malware products detect and remove the AgeLocker Ransomware, then re-secure any compromised networks.

'Actually Good Encryption' Comes Around in Really Bad Ways

Many of the more professional file-locker Trojan campaigns are byproducts of Trojan-construction kits or the steady output of the Ransomware-as-a-Service industry. Bucking that trend, the AgeLocker Ransomware is an independent Trojan with no relationship to the year's principal families. It is hand-delivered to victims by unknown methods and uses software hosted on GitHub for its attacks.

The AgeLocker Ransomware's name comes from its encryption component: a Trojanized build of age ('Actually Good Encryption'), whose project page lives on that same code-hosting site. age is a modern file-encryption tool, written by a Google engineer, that relies on X25519, ChaCha20-Poly1305 and HMAC-SHA256 rather than the AES-and-RSA pairing that most file-lockers use, and malware experts see no other Trojans using it besides the AgeLocker Ransomware. Besides locking files with age's combination of those three primitives, the AgeLocker Ransomware also encrypts the filenames and appends its extension to them.

The AgeLocker Ransomware's other oddity is that it leaves no ransom note on infected computers, usually an amateur's mistake. In this case, however, the ransom note is an e-mail that the threat actor sends personally to the victim, asking for tens of thousands of dollars in Bitcoin. This choice underlines the customized, manual nature of the campaign and makes it a plausible danger to enterprise corporations, governments, and other entities with professional security and funding.

The Difficulties of Breaking into a Pseudo-Public Locker

Ordinarily, the use of software whose source is open for perusal might suggest weaker encryption routines. In the AgeLocker Ransomware's case, that is far from reality. The three primitives that age combines (ChaCha20-Poly1305 for the file contents, HMAC-SHA256 for the file header, and X25519 for wrapping the per-file key to the attacker's public key) are all currently secure, and an open design only means the file format is documented, not that the attacker's private key is. As always, victims should place minimal hope in free decryption and instead rely on their hopefully-undamaged backups.
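Because age's file format is public, an incident responder can at least confirm which files the Trojan touched and what it would take to decrypt them, even though the data itself is out of reach. The following triage helper is an added example written for this article; it is neither AgeLocker's nor the age project's code. It follows the published age v1 header layout (the `age-encryption.org/v1` magic line, `-> ` recipient stanzas with unpadded-base64 bodies wrapped at 64 characters, and a `--- ` header-MAC line before the binary payload). The sample file bytes it builds are constructed for the demonstration and are not real ciphertext; the `summarize` and `scan_tree` names are this example's own.

```python
"""Triage helper for age-encrypted files such as those left by AgeLocker.

Added example for this article; not AgeLocker or age project code.
Header parsing follows the published age v1 format.
"""
import base64
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional

AGE_MAGIC = b"age-encryption.org/v1"


@dataclass
class Stanza:
    type: str        # e.g. "X25519" (recipient public key) or "scrypt" (passphrase)
    args: List[str]  # stanza arguments, e.g. the ephemeral X25519 share
    body: bytes      # decoded body, e.g. the wrapped per-file key


@dataclass
class AgeHeader:
    stanzas: List[Stanza]
    mac: bytes         # HMAC-SHA256 over the header (keyed from the file key)
    payload_len: int   # bytes of ChaCha20-Poly1305 payload after the header


def _b64(data: bytes) -> str:
    """age uses standard base64 without '=' padding."""
    return base64.b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)


def is_age_file(data: bytes) -> bool:
    """Cheap magic check on the first bytes of a file."""
    return data.startswith(AGE_MAGIC + b"\n")


def parse_age_header(data: bytes) -> Optional[AgeHeader]:
    """Parse the age v1 header; returns None if the file is not age-encrypted."""
    if not is_age_file(data):
        return None
    lines = data.split(b"\n")
    i, stanzas = 1, []
    while i < len(lines) and lines[i].startswith(b"-> "):
        parts = lines[i][3:].decode("ascii").split(" ")
        i += 1
        chunks = []
        while True:  # body lines are 64 chars; a shorter (maybe empty) line ends the body
            if i >= len(lines):
                raise ValueError("truncated stanza body")
            line = lines[i]
            i += 1
            chunks.append(line)
            if len(line) < 64:
                break
        stanzas.append(Stanza(parts[0], parts[1:], _unb64(b"".join(chunks).decode("ascii"))))
    if i >= len(lines) or not lines[i].startswith(b"--- "):
        raise ValueError("missing header MAC line")
    mac = _unb64(lines[i][4:].decode("ascii"))
    header_end = sum(len(l) + 1 for l in lines[: i + 1])  # every header line ends in '\n'
    return AgeHeader(stanzas, mac, len(data) - header_end)


def summarize(header: AgeHeader) -> dict:
    """What an analyst wants to know: who could decrypt, and how much was encrypted."""
    recipients = [s.type for s in header.stanzas]
    return {
        "recipients": recipients,
        "needs_private_key": "X25519" in recipients,  # only the attacker's key unwraps the file key
        "passphrase_based": "scrypt" in recipients,
        "payload_bytes": header.payload_len,
    }


def scan_tree(root: str) -> List[str]:
    """Return every file under root that carries the age magic header."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if is_age_file(fh.read(len(AGE_MAGIC) + 1)):
                        hits.append(path)
            except OSError:
                continue
    return sorted(hits)


# Constructed sample: one X25519 recipient stanza plus a 24-byte dummy payload.
SAMPLE_SHARE = bytes(range(32))
SAMPLE_WRAPPED_KEY = bytes(range(32, 64))
SAMPLE_MAC = bytes(range(64, 96))
SAMPLE_FILE = b"\n".join([
    AGE_MAGIC,
    b"-> X25519 " + _b64(SAMPLE_SHARE).encode("ascii"),
    _b64(SAMPLE_WRAPPED_KEY).encode("ascii"),
    b"--- " + _b64(SAMPLE_MAC).encode("ascii"),
    b"",
]) + b"\x00" * 16 + b"\n" + b"\xff" * 7


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "report.docx"), "wb") as fh:
            fh.write(SAMPLE_FILE)
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"plain text, untouched\n")
        for path in scan_tree(tmp):
            with open(path, "rb") as fh:
                print(path, summarize(parse_age_header(fh.read())))
```

Run it against a suspect volume by pointing `scan_tree` at the mount point; a hit whose summary reports `needs_private_key: True` and no `scrypt` stanza is a file only the holder of the attacker's X25519 key can open, which is the practical reason the open-source origin of the encryptor offers victims no shortcut.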

Because only one, hand-picked target is a known entity, the infection vectors used in the AgeLocker Ransomware's campaign aren't known either. Malware researchers recommend countering the vulnerabilities most endemic to enterprise entities: weak passwords, outdated server software that exposes remote code execution exploits, and e-mail attachment tactics. That last example may include content customized to the victim, including industry or employee references.

Despite its many advantages, the AgeLocker Ransomware typically places little emphasis on evading detection. It is another tale of GitHub resources gone wrong, akin to the CryCryptor Ransomware or the Ramsomeer Ransomware. Still, it is difficult to blame a programmer and his Web host when all it takes to neuter such a threat is responsible backup stewardship.
