
Agho Ransomware

Posted: November 10, 2020

The Agho Ransomware is a file-locking Trojan that's from the STOP Ransomware family, an international Ransomware-as-a-Service. Windows users are at risk from its core attacks: blocking files with encryption and deleting their local backups. Non-locally-stored backups for recovery are recommended, in addition to trusted security solutions for removing the Agho Ransomware.

More Peril from the Trojan Family that Doesn't Live Up to Its Name

Going against its name for the hundredth time, the STOP Ransomware shows off a variant out in the wild as of early November. The Agho Ransomware is a new update for Windows environments, with changes to some cosmetics but keeping the fundamental attack strategies intact. However, with any RaaS (Ransomware-as-a-Service), a lack of change needn't indicate little danger to any victims.

Windows users are at most risk from the Agho Ransomware's encryption, which loads with either a C&C-downloaded key or an internal, static one. In most infections, the encryption is sufficiently secure that there's no hope of third parties ever breaking it and restoring the affected files. With this encryption routine, the Agho Ransomware can block most digital media, such as Word or PDF documents, pictures, spreadsheets or archives.

The Agho Ransomware adds 'agho' extensions to these files as clues to their imprisoned status. The randomized four-character string is a tradition in its family, with similar examples appearing in campaigns like the Jdyi Ransomware, the Nile Ransomware, the Vpsh Ransomware or the ancient Djvu Ransomware. Usually, it has no underlying linguistic meaning.

Although malware analysts can't confirm an infection method, the Agho Ransomware's campaign uses random names for the installer, which might be imitating a 'temporary' cookie or junk file.

Some Extra Accessories in an Average File-Locking Attack

The STOP Ransomware members offer more than the bare minimum of encryption or locking files in their payloads. Most cases that malware experts see also include the active use of assisting features that obfuscate the threat's identity or cause more harm to the PC's security. Issues Windows users should watch for include:

  • Fake Windows update prompts
  • Browser-hijackings that block security-related websites
  • Deleted Restore Point data
  • Unwanted changes to security and network-related settings such as intranet configuration

Many of these features subvert Windows components like the Registry or the Hosts file, which require further editing or recovery procedures.
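One Hosts-file check a defender can run during triage for the website-blocking behaviour described above. This is an added example, not code from the article or the threat's authors; the watch-list domains (RFC 2606 example names) and the sample Hosts content are constructed placeholders.

```python
"""Flag Windows Hosts-file entries that pin security-related hostnames to a
loopback or null-route address (the symptom behind 'browser-hijackings that
block security-related websites'). Added example; not the article's code."""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: a site-specific watch-list of hosts that must stay reachable.
WATCHLIST_SUFFIXES = ("av-vendor.example.com", "security-updates.example.net")
# Addresses that make a hostname unreachable when pinned in the Hosts file.
SINKHOLE_ADDRS = {"0.0.0.0", "::"}


@dataclass(frozen=True)
class Finding:
    line_no: int
    address: str
    hostname: str


def _is_sinkhole(addr: str) -> bool:
    if addr in SINKHOLE_ADDRS:
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # malformed address: Windows ignores the line anyway


def _watched(hostname: str) -> bool:
    h = hostname.lower()
    return any(h == s or h.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def find_blocked_hosts(hosts_text: str) -> list[Finding]:
    """Return watch-listed hostnames pinned to a sinkhole/loopback address."""
    findings = []
    for n, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        addr, *names = re.split(r"\s+", line)
        if _is_sinkhole(addr):
            findings.extend(Finding(n, addr, x) for x in names if _watched(x))
    return findings


# Constructed sample: a normal localhost line plus two tampered entries.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         www.av-vendor.example.com   # injected entry (constructed)
127.0.0.1       security-updates.example.net
"""
```

Run `find_blocked_hosts(SAMPLE_HOSTS)` against the real file at `%SystemRoot%\System32\drivers\etc\hosts` after an infection; any finding is a line to remove before security sites become reachable again.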

Although the ransom is one way of recovering 'locked' files from the Agho Ransomware's family, paying it isn't a surefire solution. Victims should consider the instructions in their text ransom note with due suspicion and interact with any files from the threat actors only under protected conditions. Decryption solutions from third parties tend to be ineffectual, although there are exceptional circumstances where a STOP Ransomware variant uses a non-secure encryption algorithm.

Most security solutions for Windows can identify and delete the Agho Ransomware, with most detection results being for generic threats. Users also can improve their PC's safety with good passwords, software patches, and avoiding high-risk features like document macros or browsers' JavaScript.

The Agho Ransomware is less than a megabyte and downloads in seconds, and its encryption feature takes almost as little time to complete the media block. When speed is on the side of Trojans, Windows users should have forethought on theirs, unless they like risking ransoms with criminals around the world.
