
Argus Ransomware

Posted: November 14, 2018

The Argus Ransomware is a file-locking Trojan that stops your media from opening by encrypting it. The Argus Ransomware also changes the desktop's background image, promotes ransoming negotiations for the decryptor through a Web page, and makes additional attacks against the data storage integrity of your hard drives. Backing up documents and other work to external devices can save them from file-locking Trojans efficiently, and most anti-malware products should eliminate the Argus Ransomware without issue.

A Titan Clutching at Your Media

Russian security researchers are catching new samples of a file-locking Trojan whose name may be from an important character in Blizzard's 'Warcraft' game series. While this threat's theme is potentially frivolous, its attacks are as harmful as those of every other aspect of the Ransomware-as-a-Service business and hold the potential of encrypting your files permanently. However, of even more concern than the damage that it does to your individual media content is what the Argus Ransomware is capable of doing to the rest of your drive.

The Argus Ransomware uses a very typical combination of both AES and RSA data-ciphering methods, along with appending extra file information that's related to the custom key. Malware researchers are also finding it capable of performing many of the other tasks that one can see in similar threats, like the Scarab Ransomware, including erasing backups and disabling startup error messages. However, the Argus Ransomware's most notable feature, compared to any ordinary file-locking Trojan, is that it erases 'free' space on the user's C drive. Such a function further hinders normal operations for recovering your files from local data, even for 'advanced' restoration tools.
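As an added example (not from the original article or any vendor's ruleset), the three side behaviours described above can be hunted together in process-creation logs. The article does not name the commands the Argus Ransomware runs; the patterns below are assumed to be the usual Windows built-ins for deleting shadow copies, suppressing boot failure screens and overwriting free space, and the host names, time window and events are constructed.

```python
import re
from collections import defaultdict

# Assumed command-line patterns (the page names no commands): common Windows
# built-ins that produce the three behaviours described above.
BEHAVIOURS = {
    "backup_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
        re.I),
    "boot_error_suppression": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+.*bootstatuspolicy\s+ignoreallfailures", re.I),
    "free_space_wipe": re.compile(r"cipher(\.exe)?\s+/w:", re.I),
}
WINDOW_SECONDS = 600  # assumed correlation window

def classify(command_line):
    """Return the behaviour names a single command line matches."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(command_line)}

def correlate(events, min_behaviours=2):
    """Flag hosts with >= min_behaviours distinct behaviours inside one window.
    events: iterable of (epoch_seconds, host, command_line) tuples."""
    hits = defaultdict(list)
    for ts, host, cmd in sorted(events):
        for name in classify(cmd):
            hits[host].append((ts, name))
    alerts = {}
    for host, seen in hits.items():
        for start, _ in seen:
            names = {n for t, n in seen if 0 <= t - start <= WINDOW_SECONDS}
            if len(names) >= min_behaviours:
                alerts[host] = sorted(names)
                break
    return alerts

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    (1000, "WS-01", "vssadmin.exe delete shadows /all /quiet"),
    (1030, "WS-01", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    (1090, "WS-01", "cipher /w:C"),
    (2000, "WS-02", "cipher /w:D:\\scratch"),   # lone free-space wipe: no alert
    (3000, "WS-03", "vssadmin list shadows"),    # read-only query: no match
    (3000, "WS-04", "wmic shadowcopy delete"),
    (9000, "WS-04", "cipher.exe /W:C"),          # second behaviour, outside window
]

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Requiring two distinct behaviours in one window keeps a single administrative free-space wipe or shadow-copy cleanup from alerting on its own.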

The Argus Ransomware's possibly Warcraft-inspired name is visible on its ransom note (which is a Web page) and the background warning that it uses for replacing the desktop's wallpaper. Although the threat actors provide e-mail and TOR addresses for contacting them, there is upfront information on the decryption solution's price. Paying the ransom also carries no guarantee of getting your files unlocked.

Toppling a File-Grabbing Giant

While the Argus Ransomware's first samples were brought to the fore by Russian-based security researchers, there are no Russia-specific features or configuration options in this threat's payload. This file-locker Trojan may block documents, movies, images, archives, and other media with little or no discrimination, other than avoiding essential locations like the Windows folder. Compatibility with different OS environments does not appear likely to be forthcoming for the Argus Ransomware, whose campaign is operating on a low budget.

Users can defend their files against these attacks primarily by saving copies of them to other devices that a temporary infection can't encrypt or erase. If the infection is interrupted in time, restoring files from Windows Restore Points may also not be impossible. Prevention-based strategies like having anti-malware products scan all new downloads will help with deleting the Argus Ransomware before it becomes a problem.

Even though it 'only' erases non-used space, this behavior, combined with its attacks on regular media, makes the Argus Ransomware into a danger that may be beyond resolving through any local recovery utilities. Putting all your files on a single machine is, since the rise of RaaS and its Trojans, no better than gathering your eggs into a single basket.
