
AresCrypt Ransomware

Posted: July 16, 2018

The AresCrypt Ransomware is a file-locking Trojan that blocks digital media, which can include documents, pictures, and other types of recreational or work files. Even though the AresCrypt Ransomware's author labels it as an 'educational' project, threat actors may exploit its features for extorting money or causing permanent damage to Windows PCs. Most anti-malware products operating with updated databases should remove the AresCrypt Ransomware on sight safely, and non-local backups can reduce the long-term harm of infections.

The God of War Goes Open-Source

'Free' Trojans and associated threats are some of the most popular examples of the threatening software industry. Besides the famous examples of Hidden Tear and EDA2 by Utku Sen, threat actors are also deploying campaigns through resources they borrow from GitHub, ranging from the Chinese-to-English evolution of YourRansom Ransomware and the JavaScript-based deepMiner Cryptojacking to the MauriGo Ransomware. Early 2018 also includes another 'free' file-locker Trojan from GitHub: the AresCrypt Ransomware.

The AresCrypt Ransomware uses what malware experts rate as a likely variant of AES for encrypting different files on your PC, similarly to most file-locker Trojans. The program also bundles decryption and ransom-tracking modules in its payload and is part of an encompassing framework its author refers to as Ares (Arsenal of Reaping Exploitational Suffering). As usual, the responsible programmer claims that the AresCrypt Ransomware isn't intended for live deployment against any victims, despite its including most of the functionality that criminals would require for such purposes.

A standard attack includes both the locking of the user's local files via AES and the delivery of a ransom message through pop-ups or text, after which the user could find himself paying for the decryption feature's unlocking help. Other functions that malware experts note as being current with the AresCrypt Ransomware's last build include:

  • The AresCrypt Ransomware transfers limited information to a remote C&C server for tracking infections and any ransom-related activities, using a configurable, installation-specific API.
  • The AresCrypt Ransomware provides general options for modifying its payload according to the standards of the rest of the file-locking Trojan industry, such as choosing different directories or file formats to encrypt.
  • The AresCrypt Ransomware may auto-terminate some memory processes or use other, sandbox-based means of avoiding detection while modifying Windows' critical applications.

Ending the Warfare that Your PC Doesn't Need

Although the AresCrypt Ransomware's author claims that this Trojan is solely demonstrative in an educational or otherwise protected environment, this assertion is, most likely, a bluff for legal defense purposes. The free downloading and analysis of its code means that any criminal could pick up, reconfigure, and deploy the AresCrypt Ransomware against any victims of their choice with little work. Accordingly, predicting its distribution strategy is difficult, even though most file-locker Trojans use some combination of e-mail spam or brute-force hacking tools.

No free decryption tool yet exists for the AresCrypt Ransomware, and the code for unlocking its built-in equivalent is configurable between different installations. Since decrypting anything that this threat locks isn't necessarily feasible, all Windows users should keep their backups safely on other devices, such as a cloud service, for later restoration. Any standard anti-malware program should delete the AresCrypt Ransomware immediately, since the Trojan lacks many self-obfuscating defenses against the industry's traditional threat-analyzing techniques.

In a world where launching Trojan campaigns can be so profitable, one wonders why some programmers choose to give their 'products' away for free. The AresCrypt Ransomware is another addition to a basket already overfull with freeware Trojans, giving criminals ever more options for the taking.
