Agho Ransomware Description
The Agho Ransomware is a file-locking Trojan from the STOP Ransomware family, an international Ransomware-as-a-Service. Windows users are at risk from its core attacks: encrypting files so they can no longer be opened and deleting local backups such as Restore Point data. Keeping backups off the machine (offline media or a separate, non-synced location) is recommended for recovery, in addition to trusted security software for removing the Agho Ransomware.
More Peril from the Trojan Family that Doesn't Live Up to Its Name
Going against its name for the hundredth time, the STOP Ransomware shows off another variant in the wild as of early November. The Agho Ransomware is a new build for Windows environments that changes some cosmetics while keeping the fundamental attack strategy intact. However, as with any RaaS (Ransomware-as-a-Service), a lack of change does not mean less danger to victims.
Windows users are at most risk from the Agho Ransomware's encryption, which runs with either a key downloaded from its Command-and-Control (C&C) server or, when that server cannot be reached, an internal, static one. In most infections the encryption is strong enough that third parties have no realistic hope of breaking it and restoring the affected files. With this routine, the Agho Ransomware can block most digital media, such as Word or PDF documents, pictures, spreadsheets and archives.
The Agho Ransomware appends the '.agho' extension to these files as a marker of their encrypted status. A four-character extension is a tradition in its family, with similar examples in campaigns like the Jdyi Ransomware, the Nile Ransomware, the Vpsh Ransomware and the much older Djvu Ransomware. Usually, the string has no underlying linguistic meaning.
Although malware analysts can't confirm an infection method, the Agho Ransomware's campaign uses random names for its installer, which may be an attempt to pass as a temporary cookie or junk file.
Some Extra Accessories in an Average File-Locking Attack
Members of the STOP Ransomware family deliver more than the bare minimum of file encryption in their payloads. Most cases malware experts see also include supporting features that obscure the threat's identity or further weaken the PC's security. Issues Windows users should watch for include:
- Fake Windows update prompts
- Browser-hijackings that block security-related websites
- Deleted Restore Point data
- Unwanted changes to security and network-related settings such as intranet configuration
Many of these features subvert Windows components such as the Registry or the Hosts file, which require their own editing or recovery procedures after the Trojan itself is removed.
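As an added example (not code from the original page or from any security vendor), the following Python triage helpers check three of the indicators described above on an offline copy of the evidence: files carrying an appended four-letter extension such as .agho, the family's text ransom note, and Hosts-file lines that redirect security-related websites. The note name _readme.txt, the vendor-domain keyword list and the sample directory listing are assumptions or constructed data, not facts from the page.

```python
"""Offline triage for a suspected STOP/Djvu-family infection such as Agho.

Added example; not code from the original page or from any vendor. It checks
three indicators the text describes: files renamed with an appended
four-letter lowercase extension (e.g. ".agho"), the family's text ransom note,
and Hosts-file entries that hijack security-related websites. All sample
inputs below are constructed.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# "<original name>.<original ext>.<xxxx>" with xxxx = four lowercase letters.
# Assumes the original extension survives in front of the appended one, as in
# "report.docx.agho".
ENC_NAME_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<ext>[a-z]{4})$")

# Legitimate four-letter extensions that would otherwise match the pattern
# when no family extension is given (heuristic, not exhaustive).
COMMON_FOUR_LETTER_EXTS = {"json", "html", "yaml", "toml", "conf", "jpeg",
                           "webp", "tiff", "flac", "java", "lock", "orig"}

# _readme.txt is the STOP family's customary note name; the page only says
# "text ransom note", so this is an assumption.
RANSOM_NOTE_NAMES = {"_readme.txt"}

# Substrings of security-related domains the Hosts-file hijack typically
# redirects. Constructed list; extend with your own vendors.
WATCHED_HOST_KEYWORDS = ("virustotal", "malwarebytes", "eset", "kaspersky",
                         "avast", "bitdefender", "emsisoft", "microsoft")


def classify_encrypted(filenames, family_ext=None):
    """Group likely encrypted files by appended extension.

    Returns {ext: [(encrypted_path, original_basename), ...]}. With
    family_ext="agho" only that extension counts; without it, any four-letter
    extension not in COMMON_FOUR_LETTER_EXTS counts (noisier, for a variant
    whose extension is not yet known).
    """
    groups = defaultdict(list)
    for path in filenames:
        m = ENC_NAME_RE.match(PureWindowsPath(path).name)
        if not m:
            continue
        ext = m.group("ext")
        if family_ext is not None:
            if ext != family_ext:
                continue
        elif ext in COMMON_FOUR_LETTER_EXTS:
            continue
        groups[ext].append((path, m.group("orig")))
    return dict(groups)


def find_ransom_notes(filenames):
    """Return paths whose basename matches a known ransom-note name."""
    return [p for p in filenames
            if PureWindowsPath(p).name.lower() in RANSOM_NOTE_NAMES]


def hosts_hijacks(hosts_text):
    """Return (ip, hostname) pairs that map a watched security-related domain.

    Any mapping counts: the hijack usually points the names at 0.0.0.0 or
    127.0.0.1 so the browser cannot reach the vendor's site.
    """
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if any(k in name.lower() for k in WATCHED_HOST_KEYWORDS):
                hits.append((ip, name))
    return hits


def triage(filenames, hosts_text, family_ext=None):
    """Summarise the three indicators for an incident note."""
    enc = classify_encrypted(filenames, family_ext)
    return {
        "encrypted_files": sum(len(v) for v in enc.values()),
        "extensions_seen": sorted(enc),
        "ransom_notes": find_ransom_notes(filenames),
        "hosts_hijacks": hosts_hijacks(hosts_text),
    }


# Constructed directory listing and Hosts file for a demonstration run.
SAMPLE_FILES = [
    r"C:\Users\victim\Documents\report.docx.agho",
    r"C:\Users\victim\Documents\budget.xlsx.agho",
    r"C:\Users\victim\Pictures\holiday.jpg.agho",
    r"C:\Users\victim\Documents\_readme.txt",
    r"C:\Users\victim\Documents\notes.txt",
    r"C:\Users\victim\Documents\backup.old.json",
    r"C:\Users\victim\Downloads\a3f9c1e7.exe",
]
SAMPLE_HOSTS = """# constructed Hosts file
127.0.0.1 localhost
0.0.0.0 www.virustotal.com
0.0.0.0 www.malwarebytes.com  # appended by the hijack
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_FILES, SAMPLE_HOSTS, "agho").items():
        print(f"{key}: {value}")
```

For a real case, replace SAMPLE_FILES with a recursive listing of the user profile (for example from os.walk) and SAMPLE_HOSTS with the contents of C:\Windows\System32\drivers\etc\hosts read from the suspect disk; the original-name column of the encrypted-file groups doubles as the inventory of what to restore from off-system backups, and any Hosts hit is a line to remove before the browser can reach vendor sites again.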
Although paying the ransom is one way of recovering 'locked' files from the Agho Ransomware's family, it isn't a guaranteed solution. Victims should treat the instructions in the text ransom note with due suspicion and open any files from the threat actors only under protected conditions. Third-party decryption tools are usually ineffective against files encrypted with a victim-specific key fetched from the C&C server; the exceptions are cases where a STOP Ransomware variant fell back to its internal, static key or used a non-secure encryption algorithm.
The Agho Ransomware is under a megabyte and downloads in seconds, and its encryption routine takes almost as little time to finish blocking the victim's media. When speed is on the Trojan's side, Windows users should have forethought on theirs, unless they would rather gamble on ransoms with criminals around the world.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Agho Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program, including SpyHunter? You may have a malware file running in memory that kills any program you try to launch on your PC. Tip: download SpyHunter on a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.