
Arsium Ransomware

Posted: August 9, 2019

A user called 'arsium' has released a ransomware builder that can be downloaded for free from a popular, public hacking forum. This is bad news, since we are likely to encounter an influx of dangerous file-encryption Trojans built with the Arsium Ransomware builder. However, a closer inspection of the toolkit revealed that there is a significant chance that victims of this particular file-locker will be able to recover their files free of charge. This is because the file-encryption routine that the Arsium Ransomware's operator has opted to use is a rather simple one: Blowfish. The exact same encryption method can be seen in the old Globe Ransomware, which malware researchers cracked swiftly.

Blowfish-powered Ransomware might be Decryptable

In addition to using a weak file-encryption method, the Arsium Ransomware builder also appears to severely limit the directories that the attacker can target: it currently permits the encryption of only the desktop folder. However, the author is likely to change this property if the project gets some attention from like-minded threat actors.

The attacker is able to configure the extension that will be applied to the names of the locked files and set a password that will be used to encrypt files in offline mode. However, it seems that the builder does not allow the attacker to configure a ransom note, payment method, or contact details – this makes it unclear how the threat actor is supposed to get a ransom fee after a successful attack.
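A detection example for the behaviour described above, added here and not taken from the builder or from this page's author: because the extension is attacker-chosen, it flags any single new extension applied to many Desktop files within a short window instead of matching a fixed name. The event tuples, paths, the `.locked1` extension and the thresholds are constructed assumptions, as is the idea that the extension may be either appended or substituted.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample of rename events: (unix_seconds, old_path, new_path).
# All paths and the ".locked1" / ".bak" extensions are made up for this example.
DESKTOP = r"C:\Users\alice\Desktop"
DOCS = r"C:\Users\alice\Documents"
NAMES = ["report.docx", "budget.xlsx", "photo.jpg", "notes.txt", "plan.pdf", "todo.md"]
SAMPLE_EVENTS = (
    [(100 + i, f"{DESKTOP}\\{n}", f"{DESKTOP}\\{n}.locked1") for i, n in enumerate(NAMES)]
    + [(50, f"{DESKTOP}\\old.txt", f"{DESKTOP}\\old-2018.txt")]      # ordinary user rename
    + [(200 + i, f"{DOCS}\\{n}", f"{DOCS}\\{n}.bak") for i, n in enumerate(NAMES)]
)

def new_extension(old, new):
    """Return the extension a rename appended or substituted, else None."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent or not n.suffix:
        return None
    appended = n.name == o.name + n.suffix            # a.txt -> a.txt.xyz
    replaced = n.stem == o.stem and n.suffix.lower() != o.suffix.lower()  # a.txt -> a.xyz
    return n.suffix.lower() if appended or replaced else None

def is_under_desktop(path):
    """True if any parent directory of the file is named 'Desktop'."""
    return "desktop" in [p.lower() for p in PureWindowsPath(path).parts[:-1]]

def find_mass_renames(events, threshold=5, window=60):
    """Map each extension to the largest number of Desktop files that received
    it within `window` seconds, keeping only counts >= threshold."""
    stamps_by_ext = defaultdict(list)
    for ts, old, new in events:
        ext = new_extension(old, new)
        if ext and is_under_desktop(old):
            stamps_by_ext[ext].append(ts)
    alerts = {}
    for ext, stamps in stamps_by_ext.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):             # sliding time window
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ext] = best
    return alerts

if __name__ == "__main__":
    print(find_mass_renames(SAMPLE_EVENTS))
```

Widen `is_under_desktop` to other user directories if the builder's target list changes, as the page expects it may.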

Poorly Configured Ransomware might Still be Threatening Due to Being Easily Accessible

Arsium Ransomware is certainly not a clever project, but the fact that it is public means that we may see more of it. The original author claims that they plan to update the builder in the future and introduce additional encryption algorithms and options, so we have yet to see what they have in store. Regardless of whether it is the Arsium Ransomware or another file-locker, there are hundreds of cyber-threats to watch out for, so you should take the required steps to secure your system by using an up-to-date anti-malware solution.
