
Ako Ransomware

Posted: January 13, 2020

The Ako Ransomware is a file-locking Trojan that blocks media content, including images, documents, and audio, so that victims pay its ransom fee. Symptoms besides unusable files include random additional extensions and different variants of ransoming instructions with campaign-specific e-mails and websites. Users should keep secure backups for recovery and have anti-malware products for deleting the Ako Ransomware immediately.

A Trojan Trading Network Data for Bitcoins

A threat actor is testing different ways of collecting ransoms from vulnerable people by circulating two minor Trojan types that take files hostage. The Ako Ransomware operates much like most examples of a Ransomware-as-a-Service, except for how it communicates in its ransom notes. Two versions of the instructions recommend very different ways of paying – likely to test different methods of psychological manipulation and get the most Bitcoins per infection.

Some versions of the Ako Ransomware are circulating with the filename of 'Dharma' on their executables. This name is likely a misnomer: other factors of the Ako Ransomware's payload don't align with traditional members of the Dharma Ransomware, a well-known Ransomware-as-a-Service. However, malware researchers do confirm that the Ako Ransomware shares a core attack with the group: encryption, which it uses for 'locking' media files.

The Ako Ransomware accompanies the encryption by appending semi-random characters onto filenames as new extensions, unlike the predetermined labels of Dharma Ransomware. Different variants of the Ako Ransomware also drop different ransom notes – one build provides e-mail addresses for negotiating, while the other refers victims to an anonymous TOR website. No Bitcoin ransom payments are being made to the campaign's wallet, although there are signs of lesser transactions taking place.

Reasons for being Slow to Throw Good Money after Bad Actors

Even though the Ako Ransomware is new to the threat landscape, its payload has high expectations for making money. Ransom sums, for versions of the Ako Ransomware that provide them, currently convert to nearly four thousand USD in value. As always, victims should test free decryption possibilities, advanced recovery software, and other solutions before risking buying a decryptor from a criminal.

Many traits of the Ako Ransomware are confirmable in current samples, including the preference for x64 Windows environments. The Trojan also maintains the regular habit of file-locker Trojans of deleting the Shadow Volume Copies, AKA the Restore Points, with a silently-delivered CMD command. Unfortunately, propagation methods are unknown to malware researchers.
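
Defenders can watch for that silent shadow-copy deletion in process-creation logs. The following Python example is added here and is not part of the original write-up or any vendor's detection; the page does not quote Ako's exact command, so the patterns cover the generic built-in Windows utilities, and the sample events are constructed.

```python
import re

# Built-in Windows utilities commonly abused to remove Volume Shadow Copies.
# Assumption: the page does not quote Ako's exact command, so these patterns
# are generic, not Ako-specific indicators.
PATTERNS = {
    "vssadmin delete shadows":
        re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "vssadmin resize shadowstorage":
        re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b"),
    "wmic shadowcopy delete":
        re.compile(r"\bwmic(\.exe)?\s+(/\S+\s+)*shadowcopy\s+delete\b"),
}

def normalize(command_line):
    """Lower-case, drop cmd.exe carets and quotes, collapse whitespace."""
    text = command_line.lower().replace("^", "").replace('"', "")
    return re.sub(r"\s+", " ", text).strip()

def flag_shadow_copy_deletion(events):
    """Return (event, rule, silent) for each matching process-creation event."""
    hits = []
    for event in events:
        text = normalize(event["CommandLine"])
        for rule, pattern in PATTERNS.items():
            if pattern.search(text):
                # Switches that suppress the confirmation prompt.
                silent = "/quiet" in text or "/nointeractive" in text
                hits.append((event, rule, silent))
                break
    return hits

# Constructed sample events (field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet"},
    {"Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin list shadows"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd /c "vssa^dmin  de^lete shadows /all"'},
    {"Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic shadowcopy delete /nointeractive"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\notes\vssadmin-howto.txt"},
]

if __name__ == "__main__":
    for event, rule, silent in flag_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{rule} (silent={silent}): {event['CommandLine']}")
```

Listing shadow copies and a file that merely mentions the tool name are not flagged; the caret-split command line is caught only because the text is normalized before matching.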

The public should concentrate on countering password and software-based vulnerabilities, as well as e-mail phishing lures. Almost no file-locker Trojan infections successfully abuse zero-day exploits, which means that most attacks are preventable. Anti-malware solutions will also detect and delete the Ako Ransomware as a generic threat, in most cases.

It's not beyond all possibility that the Ako Ransomware represents a leap in formatting and ransom-collecting for the Dharma Ransomware's family. What's far more likely, sadly, is that it's newfound competition in an incredibly crowded field full of dangers for the unprepared.
