Home Malware Programs Ransomware Aris Ransomware

Aris Ransomware

Posted: July 9, 2020

The Aris Ransomware is a file-locking Trojan that can lock the user's media and hold it hostage until its threat actor receives a ransom. Because of the expense and dangers of ransom-based transactions, users should have backups in a non-local and secure location for recovering anything that this threat blocks. Anti-malware programs, also, should uninstall the Aris Ransomware and prevent most infection exploits.

The Aris Ransomware: the Cheaper Option in Criminal Extortion

Alternately referring to itself as either 'ArisLocker' or 'Aris Locker,' the Aris Ransomware is a 'budget' example of a file-locking Trojan that best resembles some earlier cases of Utku Sen's Hidden Tear. This independent threat is conducting the usual attacks of encrypting vulnerable media and asking for money from its owners, which puts it in the same class as most Ransomware-as-a-Service families. However, unlike the current RaaSes, the Aris Ransomware asks for a notably low price for its data-decrypting help.

The primary feature of the Aris Ransomware is its encryption function that searches for and 'locks' files of formats that can include (for example) Word or Adobe PDF documents, Notepad TXT text, JPG or GIF pictures, XLSX spreadsheets, etc. The extension from its name, which the Trojan adds to theirs, is a clear marker of what files it holds captive, removing the need of the victim's testing each file.

The encryption routine is a hidden background process, but the Aris Ransomware creates a visible text message and a new wallpaper background, afterward. Its 'Readme' is a unique text that asks for Bitcoins for the decryptor – but no more than seventy-five dollars' worth. The price makes the Aris Ransomware far cheaper than the average RaaS like the Scarab Ransomware, the Dharma Ransomware or the Djvu Ransomware. Still, malware experts recommend against paying since the low cost might be just a way of tricking victims into paying for nothing as fast as possible.

Turning Low Costs into No Cost at All

Since file-locking Trojans with secure encryption routines remain a part of the threat landscape extremely active, users should be backing up their work onto secure, secondary devices as a matter of course. The Aris Ransomware threatens most Windows versions, although malware experts can't confirm any specific infection scenarios. 2020 infection vectors for file-locker Trojans include everything from browser vulnerabilities like JavaScript-abusing Exploit Kits, to e-mail spam with attached files, to torrents for high-demand products like video games and productivity software.

The average user's best chances of averting any attacks are through self-protecting behavior like the following:

  • Disabling Flash, JavaScript, Java, and macros will cut down on the availability of exploitable vulnerabilities.
  • Keeping all software up-to-date will shrink the presence of vulnerabilities even further.
  • Avoiding or scanning downloads from potentially-threatening sources like e-mails or torrent networks will minimize potential contact with corrupted files.
  • Using secure passwords will minimize the possibility of criminals brute-forcing their way into a system with Black Hat tools.

When undertaken together, these steps can cover for most infection scenarios and eliminate drive-by-downloads for both the Aris Ransomware and the far larger Ransomware-as-a-Services in the wild. Dedicated anti-malware products also double as viable defenses and should remove the Aris Ransomware securely.

At under a hundred dollars, the Aris Ransomware's expectations from its victims are humble, but there's no need to pay. With cheap and free backup solutions for every circumstance, leaving the cost of files up to a hacker is reckless, at best.

Related Posts

Loading...