
Armageddon Ransomware

Posted: June 13, 2019

The Armageddon Ransomware is a file-locker Trojan that may try to sabotage your files with encryption, data corruption or other attacks. Its payload uses this damage as leverage for soliciting Bitcoin ransoms from its victims. Users should back their work up as a preventative step against the Trojan and use anti-malware programs to delete the Armageddon Ransomware in all situations.

A Trojan from the Future to Take Your Coins

Security products catching a file-locking Trojan in development are mistaking it for a variant of Hidden Tear, possibly because of how limited its payload is. While the Armageddon Ransomware isn't an actual variant of Utku Sen's well-known project, its author leaves no doubt about his plans to block media for money. In the meantime, the Trojan has several characteristics that set it apart from the pack, some of which are even humorous.

The Armageddon Ransomware is a 32-bit Windows program that uses the unilluminating name of 'WnCryMode' for distribution, which could be an indication that future developments will market it as a free software product of some kind. Its samples are a consistent 322 kb in size and carry no signature or certificate information that would further falsify its identity. The oddest detail is in its creation date field, which shows a year of either 2072 or 2080.
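The static traits described above (a 32-bit build, no certificate data, a creation year decades in the future) can be read straight from a file's PE headers during triage. The following Python is an added example, not part of the original article or any vendor's tooling; it assumes the "creation date field" corresponds to the COFF TimeDateStamp, and the sample image is constructed header bytes, not data from the Trojan.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def triage_pe(data, now=None):
    """Report the header traits the article describes for a PE image."""
    now = now or datetime.now(timezone.utc)
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header starts after the signature: Machine, NumberOfSections, TimeDateStamp
    machine, _, stamp = struct.unpack_from("<HHI", data, pe_off + 4)
    opt = pe_off + 24                                        # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)             # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
    # Data directory 4 is the certificate table (Authenticode blob).
    cert_size = struct.unpack_from("<II", data, dirs + 4 * 8)[1] if count > 4 else 0
    compiled = EPOCH + timedelta(seconds=stamp)
    return {
        "is_32bit": machine == 0x014C,          # IMAGE_FILE_MACHINE_I386
        "compiled": compiled,
        "future_timestamp": compiled > now,     # cannot be a genuine build date
        "has_certificate": cert_size > 0,       # presence only, not validity
    }

def build_sample(compiled):
    """Constructed, header-only PE32 image for the demo; no real malware bytes."""
    stamp = int((compiled - EPOCH).total_seconds())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)         # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16) + b"\0" * 128
    return dos + b"PE\0\0" + coff + opt

if __name__ == "__main__":
    sample = build_sample(datetime(2072, 1, 1, tzinfo=timezone.utc))
    for key, value in triage_pe(sample).items():
        print(f"{key}: {value}")
```

A future timestamp on its own is weak evidence; it is most useful as one triage signal alongside the missing certificate table.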

Malware researchers find no working encryption in these early versions of the Armageddon Ransomware, but the program does have a pop-up ransoming message. The HTA (HTML Application) window includes a link to a functional Bitcoin wallet, English instructions on paying the ransom, and a countdown for its 'decryption code destruction' feature. Readers should remember that nearly all of the file-locker Trojans with this assertion are bluffing, and shouldn't feel obliged to abide by a Trojan's schedule.

Kicking the End of the World Back Towards the Future

The Armageddon Ransomware's ominous name is in contrast to its capabilities, which, as it stands, amount to little more than frightening the victim. However, encryption isn't a challenging feature to code, and threat actors can borrow preexisting code for this purpose without needing monetary resources. Users should assume that the Armageddon Ransomware infections are capable of harming their files, such as documents or pictures, and back their work up appropriately.

Some guidelines for avoiding any infection techniques that the Armageddon Ransomware's campaign might leverage include turning off risky features like JavaScript or Word macros, declining downloads from torrents and other unofficial sources, and scanning all e-mail attachments before opening them. The misidentification of the Armageddon Ransomware as a version of Hidden Tear should have little impact on the effectiveness of traditional security services. Nearly all anti-malware products are deleting the Armageddon Ransomware safely, even if a minority presumes that it's another kind of file-locker Trojan.

Any weeping that this 'WnCryMode' program provokes is self-inflicted grief. A backup and standard security practices will do more than enough to keep the Armageddon Ransomware's ransom collections from making any money, let alone being the end of the world.
