
Artemis Ransomware

Posted: October 15, 2020

The Artemis Ransomware is a file-locking Trojan that can block media such as documents with its encryption routine. It's a relative of the PewPew Ransomware and includes that threat's signature features, such as the HTA ransom note. Users with protected backups should find recovery easy, and traditional security products should block the Artemis Ransomware's attacks and remove the threat immediately.

From Sound Effects to Greek Myth in One Update

The PewPew Ransomware, a recently appearing Trojan family, is already splitting off into variants, with unknown threat actors taking advantage of the new tools for extortion. The Artemis Ransomware is the earliest update malware experts can verify, and most of its features are repeats of its onomatopoeic ancestor. With samples not disguising their Greek mythology-referencing names, the campaign's theme might or might not relate to the infection exploits in any meaningful way.

Named after the Greek huntress-goddess of the moon, the Artemis Ransomware appropriately hunts the user's files by launching an attack that searches for media (documents, pictures, archives, and music are prominent examples) and encrypts or locks it. In keeping with the conventions of most Ransomware-as-a-Service operations, it also makes a superficial change to the filenames, inserting ransom-related data and its extension.

Like the PewPew Ransomware, the Artemis Ransomware uses a preexisting template for its ransom note that malware experts find in multiple families, including the Globe Imposter Ransomware, the Crysis Ransomware and the Globe Ransomware. Besides updating the e-mail for negotiations, the Artemis Ransomware's messages are identical to the old ones, with a generic ransoming request and an offer for a free demonstration for a few files.

Naturally, victims should reconsider paying, since the threat actor may not keep their side of the bargain.

Arrow-Proofing Files with Protective Armor

Religious folklore isn't an infrequent stopping-point for Trojans (compare and contrast the Artemis Ransomware with the Sekhmet Ransomware or the VenusLocker Ransomware). In almost every instance, the name says little about the campaign's geographical targets. Typically, Windows users are most at risk, and our malware experts are verifying the Artemis Ransomware's compatibility with most versions of that OS.

This family remains relatively new, and no free decryption solutions are available on the web. For most attacks, any file recovery without an unaffected backup remains speculative. Preventing infections is much more viable for most Windows users. That's practically possible through disabling features like Flash, JavaScript, or macros, using strong passwords, and being cautious around security risks like e-mail attachments or torrents.

Anti-malware products should efficiently catch and delete the Artemis Ransomware during installation exploits or afterward. Since current rates for detection across the security industry are sub-optimal, users should consider quarantining and submitting samples to reputable researchers and AV vendors.

A Trojan's first step toward starting a family is always an important event. The Artemis Ransomware might not deliver anything new in its moonlight-tipped arrows, but a proven cyber-warfare weapon is more than adequately deadly.
