
Angus Ransomware

Posted: October 2, 2019

The Angus Ransomware is a file-locking Trojan that uses encryption to keep documents and other media from opening. It belongs to the Zeropadypt Ransomware family and shows the expected symptoms, such as a text ransom note and file extensions that include victim IDs. Users should always keep backups to protect their digital media, and should have at least one anti-malware product capable of deleting the Angus Ransomware and other file-locking threats.

Observing the Shortened Reign of a God

Appropriately enough, the reign of the Kronos Ransomware as the showcase example of the Zeropadypt Ransomware family's attacks is over, with the Angus Ransomware serving as the newest variant. Although its ransom demands differ in minor ways, the Angus Ransomware shares most of its predecessor's symptoms and attack routines. Of those, the encryption it uses to block files is the most relevant to victims.

Besides a briefly visible CMD window, there are no significant symptoms before the Trojan starts encrypting files. The Angus Ransomware uses the Windows Command Prompt to shut down various programs, mostly related to SQL and server management. After that, it encrypts work such as documents, spreadsheets, images and other media. The Angus Ransomware also keeps the family's habit of appending an entire e-mail address, a victim ID, and an extension onto each of these files, although it uses both a new extension (matching its name) and a new e-mail address.
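As an added illustration that is not code from the original article or from any vendor, the detection logic below flags the two symptoms just described, a Command Prompt launched to stop services, and a rename that appends an e-mail address and a new extension to the original file name, over constructed sample telemetry. The key=value record format, the rule names, and the exact e-mail/ID/extension layout are assumptions made for the example.

```python
import re

# Constructed sample telemetry (not taken from any real incident): one event per
# line, space-separated key=value fields, roughly what an EDR pipeline emits.
SAMPLE_EVENTS = [
    'type=process parent=C:\\Users\\x\\sample.exe image=C:\\Windows\\System32\\cmd.exe '
    'cmdline="cmd.exe /c net stop MSSQLSERVER"',
    'type=process parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\cmd.exe '
    'cmdline="cmd.exe /c dir"',
    'type=rename old=C:\\work\\q3.xlsx '
    'new=C:\\work\\q3.xlsx.[attacker@example.com].[ID-1234].locked',
    'type=rename old=C:\\work\\draft.docx new=C:\\work\\final.docx',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EMAIL_RE = re.compile(r'[\w.+-]+@[\w-]+\.[\w.-]+')
# Command Prompt verbs used to stop services or kill processes (assumed set;
# tune to the service names that matter in your environment).
STOP_RE = re.compile(r'\b(net\s+stop|sc\s+stop|taskkill)\b', re.IGNORECASE)

def parse_event(line):
    """Turn one key=value line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def is_service_tampering(event):
    """cmd.exe invoked with a service-stop or process-kill verb."""
    return (event.get("type") == "process"
            and event.get("image", "").lower().endswith("cmd.exe")
            and STOP_RE.search(event.get("cmdline", "")) is not None)

def is_ransom_rename(event):
    """Rename that keeps the old name as a prefix and appends an e-mail address
    plus a trailing extension, the naming habit described above."""
    old, new = event.get("old", ""), event.get("new", "")
    if event.get("type") != "rename" or not new.startswith(old + "."):
        return False
    return EMAIL_RE.search(new[len(old):]) is not None

def scan(lines):
    """Return (rule_name, line) pairs for every line that trips a rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if is_service_tampering(ev):
            alerts.append(("cmd_service_stop", line))
        elif is_ransom_rename(ev):
            alerts.append(("ransom_rename", line))
    return alerts

if __name__ == "__main__":
    for rule, line in scan(SAMPLE_EVENTS):
        print(f"{rule}: {line}")
```

A single legitimate `net stop` will also trip the first rule, so in practice the two signals are correlated by process tree and time window rather than alerted on individually.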

Malware experts also see few changes in the ransom message, which remains similar to that of the Kronos Ransomware. It does, however, change the e-mail address and provider, as is appropriate for a new threat actor. One minor point is that the Angus Ransomware takes the unusual tack of favoring Gmail, instead of the many free e-mail providers that have fewer security concerns or less of a legitimate reputation to maintain.

Attending to New Trojans Spun-Off of Antiquated Sources

Known threat actor or not, there is always a risk in paying ransoms, such as the Bitcoins that the Angus Ransomware asks for in its dropped text messages. Criminals can take the ransom, deliver nothing in return, and face no danger of losing the money to a refund, thanks to cryptocurrency's 'wild west' format. However, malware experts find no risk in using any free decryption trials that threat actors frequently offer as a lure for collecting the ransom afterward.

The Zeropadypt Ransomware family uses secure encryption that may never receive a free solution or crack. Because free decryption is never guaranteed, users should compensate by maintaining rigorous, traditional backup practices. Avoiding risky downloads like pirated software, disabling your browser's scripts, and keeping document macros inactive will help avoid the known infection methods of file-locker Trojans of every family.

Users with anti-malware protection, on the other hand, should see the Angus Ransomware deleted automatically in most attacks, or can disinfect their PCs and recover from a backup at their leisure. The Angus Ransomware is a bit player in an illicit industry that moves as fast as the days change, so it is fortunate that the solution to its existence is more or less static: a maintained backup, security software, and common sense.
