
AnteFrigus Ransomware

Posted: November 14, 2019

The AnteFrigus Ransomware is a file-locking Trojan that can block your PC's files and hold them hostage until you pay its ransom. Since paying doesn't guarantee getting an unlocker, users should depend on secure backups for the best way of recovering anything that this Trojan locks. Conventional anti-malware programs also may remove the AnteFrigus Ransomware as a threat, either before or after it harms the PC.

The Advertisement that's Liable to Send Your Files Reeling

A malvertising (malicious advertising) campaign is circulating a new file-locking Trojan, on top of past ones such as the numerous variants of the Crysis Ransomware and the STOP Ransomware. Unlike most similar Trojans under analysis by malware experts, this one doesn't appear to belong to any known Ransomware-as-a-Service family. Whether or not the AnteFrigus Ransomware turns out to be part of the RaaS industry, it's another problem for users who neglect their backups.

The distribution partner for the AnteFrigus Ransomware is HookAds, a malvertising operation that collects victims from adult websites and uses traffic filtering to decide whether to serve a visitor the exploit or harmless decoy content. The installation mechanism is the RIG Exploit Kit: a well-known Exploit Kit whose landing page uses JavaScript to exploit vulnerabilities in browser scripting engines, Flash and similar components, downloading and running threatening software without the user's interaction. After a successful exploit, the AnteFrigus Ransomware establishes persistence on the system and gains access to the local files.

Although malware experts can't yet confirm how secure the AnteFrigus Ransomware's encryption is, the Trojan follows the standard operating procedure for a file-locker Trojan. It encrypts the user's content, appends an extra extension to each file's name (six random characters, in the AnteFrigus Ransomware's case, although this feature doesn't function in all samples), and displays an error message that draws the user's attention to its Notepad (plain-text) ransom note. It also includes support for a Tor website, which furthers the possibility that the AnteFrigus Ransomware is part of a new or incompletely-analyzed Ransomware-as-a-Service.
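The two observable traits above, a recurring random six-character extension appended after the original one and a small text ransom note, are enough for a first-pass triage of a suspect directory. The following script is an added example, not code from the article or from the Trojan's authors. It assumes the appended tag is six alphanumeric characters (the article only says "six random characters"), treats any small .txt file containing ransom-style keywords as a candidate note (an assumed marker), and builds its own constructed sample directory rather than reading real victim data. High byte entropy in the renamed files is used to separate genuine encrypted output from files that merely happen to carry a six-letter suffix such as ".backup".

```python
"""Triage heuristic for file-locker behaviour (added example, not the article's code)."""
import hashlib
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed naming pattern: <original name>.<original ext>.<six random alphanumerics>
LOCKED_RE = re.compile(r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<tag>[A-Za-z0-9]{6})$")
NOTE_KEYWORDS = ("decrypt", "bitcoin", ".onion", "ransom")   # assumed markers


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_note(path: Path) -> bool:
    """Small plain-text file mentioning ransom-style keywords."""
    if path.suffix.lower() != ".txt" or path.stat().st_size >= 4096:
        return False
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return any(k in text for k in NOTE_KEYWORDS)


def triage(root: Path, entropy_threshold: float = 7.5, min_files: int = 3) -> dict:
    """Group high-entropy renamed files by their random tag; collect ransom notes.

    A tag recurring across several files is the mass-encryption signature;
    one odd filename on its own is ignored.
    """
    by_tag: dict[str, list[str]] = {}
    notes: list[str] = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        m = LOCKED_RE.match(p.name)
        if m:
            head = p.read_bytes()[:4096]
            if shannon_entropy(head) >= entropy_threshold:
                by_tag.setdefault(m["tag"], []).append(p.name)
        elif looks_like_note(p):
            notes.append(p.name)
    suspicious = {t: sorted(f) for t, f in by_tag.items() if len(f) >= min_files}
    return {"locked_by_tag": suspicious, "notes": sorted(notes)}


def pseudo_ciphertext(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for encrypted content."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample(root: Path) -> None:
    """Constructed sample directory: three locked files sharing one tag, a note, decoys."""
    root.mkdir(parents=True, exist_ok=True)
    for name in ("photo.jpg.q7xk2m", "budget.xlsx.q7xk2m", "thesis.docx.q7xk2m"):
        (root / name).write_bytes(pseudo_ciphertext(4096, name.encode()))
    (root / "README_TO_DECRYPT.txt").write_text(
        "Your files are encrypted. Visit the .onion site below to decrypt them.\n")
    (root / "notes.txt").write_text("plain meeting notes\n" * 50)
    (root / "budget.xlsx.backup").write_bytes(b"A" * 4096)            # six-letter suffix, low entropy
    (root / "lonely.pdf.zz9qq1").write_bytes(pseudo_ciphertext(4096))  # single file, below min_files


def run_demo() -> dict:
    """Build the constructed sample in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample(root)
        return triage(root)


if __name__ == "__main__":
    print(run_demo())
```

In practice the entropy threshold and the tag pattern are the knobs to tune: a real locker that only encrypts the first part of each file still produces a high-entropy head, while renamed-but-untouched files (the samples where the extension feature misfires) will fall under the threshold and need a second pass on content rather than name.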

Pushing Back on Advertising Getting a Little Too Handsy

Exploit Kits, or EKs, are a significant source of file-locking Trojans and other threats whose campaigns depend on high-volume traffic. Regardless of their operating system, most users can implement defenses that greatly hinder these drive-by-download attacks, even when the attacks arrive through otherwise reputable websites. Disabling or removing Flash, restricting JavaScript to trusted sites, and installing security patches as soon as they become available remove nearly all of the vulnerabilities that the RIG Exploit Kit can use, since Exploit Kits generally rely on already-patched flaws rather than zero-days.

Many drive-by-downloads also disguise themselves with themes that encourage clicking, such as fake software updates. Updates served from third-party links should be presumed unsafe unless there is strong evidence otherwise. Never download patches for the software of major companies like Microsoft or Adobe except through links those companies endorse, such as their official download sites or the software's built-in update mechanism.
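Checking that an update link actually points at a vendor-endorsed host is easy to get wrong: a naive "contains microsoft.com" test accepts lookalike domains, and a plain-HTTP link can be swapped by the same ad network that served the exploit. The following is an added example, not code from the article; the allowlist of vendor domains is an assumption for illustration only, and a real deployment would take it from the vendor's published download domains.

```python
"""Strict allowlist check for software-update URLs (added example, not the article's code)."""
from urllib.parse import urlsplit

# Assumed allowlist for illustration; take real entries from the vendor's documentation.
VENDOR_HOSTS = {
    "microsoft": ("microsoft.com", "windowsupdate.com"),
    "adobe": ("adobe.com",),
}


def is_endorsed_update_url(url: str, vendor: str) -> bool:
    """True only for an https URL whose host is, or is a subdomain of, an allowed domain.

    Rejects plain http (interceptable and trivially spoofed by a malicious ad
    redirect), userinfo tricks such as https://microsoft.com@evil.example/, and
    lookalike hosts such as microsoft.com.update-now.example.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.username or parts.password:
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False
    for allowed in VENDOR_HOSTS.get(vendor, ()):
        if host == allowed or host.endswith("." + allowed):
            return True
    return False


def classify(urls, vendor: str) -> dict:
    """Map each URL to the verdict, for batch review of links pulled from a page."""
    return {u: is_endorsed_update_url(u, vendor) for u in urls}


if __name__ == "__main__":
    # Constructed sample links, not real campaign indicators.
    sample = [
        "https://www.microsoft.com/download/update.msi",
        "https://microsoft.com.update-now.example/update.msi",
        "http://download.microsoft.com/update.msi",
        "https://microsoft.com@evil.example/update.msi",
        "https://evil.example/microsoft.com/update.msi",
    ]
    for u, ok in classify(sample, "microsoft").items():
        print(("endorsed " if ok else "REJECT   ") + u)
```

The suffix test deliberately prepends a dot before comparing, so "notmicrosoft.com" does not pass as a subdomain of "microsoft.com"; this is the detail most ad-hoc allowlists miss.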

Unlocking files that the AnteFrigus Ransomware attacks may or may not be a possibility. Until more information is available on its encryption algorithms and keys, malware experts can recommend little other than having anti-malware services delete the AnteFrigus Ransomware on sight and storing non-local backups regularly.

The AnteFrigus Ransomware's appearance is a refresher course on the dangers of browsing the Web. Even a website with a good reputation can serve a less-than-good advertisement, which is all the opening that the AnteFrigus Ransomware needs to sneak inside your files.
