
Atom Ransomware

Posted: September 14, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 59
First Seen: September 14, 2016
OS(es) Affected: Windows


The Atom Ransomware is an updated variant of the Shark Ransomware and includes most of that threat's features, such as encrypting your files and creating extortion messages. The Atom Ransomware's distribution model relies on third parties that may use unpredictable installation exploits, but blocking this threat can prevent your PC from suffering a potentially unrecoverable loss of data. Detecting this Trojan beforehand or removing the Atom Ransomware after its installation should always be delegated to your dedicated anti-malware utilities.

From Sea Life to Science, a Trojan Re-Branded

Even when a threat author chooses to load much of the responsibility for a campaign onto a series of affiliates, the business model of profiting from threatening software is often contentious. Many threat creators adapt to issues in a campaign by re-branding their products while otherwise changing little about them, as malware experts see in the evolution of the Shark Ransomware into the Atom Ransomware. This new version of the Trojan analyzed last month uses a slightly more secure Web infrastructure than its recent ancestor, although the hosting remains WordPress-based.

Its creators sell the usage of the Atom Ransomware to other threat actors, who use the generator kit to create custom executables. Configurable variables include the types of data the Atom Ransomware targets, the ransom to demand from a victim, and the Bitcoin address that the Atom Ransomware's creators will, theoretically, use to transfer a fair percentage of the ransom money. The means of distributing and installing the Atom Ransomware is also left entirely up to the affiliate.

Like the Shark Ransomware, the Atom Ransomware uses an AES-based algorithm to lock your files through an encryption routine that encodes their internal data. The ransom message the Atom Ransomware generates for collecting its money and (potentially) helping victims buy into a working decryptor includes a countdown to facilitate rapid payments.

Splitting an Atom Ransomware without Cutting into Your Personal Funds

The Atom Ransomware's predecessor is mostly notable for taking the unusual step of reaching out to con artist affiliates through a blog-based domain, instead of the TOR sites that most threat authors prefer (due to TOR's improved anonymity protection). Although the Atom Ransomware's authors have taken steps to enhance the privacy of their business, interested researchers can still glean some details of its operations from the Trojan's website. Sources verifiable by malware experts also indicate that the Atom Ransomware installations are on the rise as of the fourteenth of September.

Average PC users can protect themselves from the Atom Ransomware attacks by blocking the original installation attempt through the usual security programs, such as anti-malware scanners capable of analyzing their downloaded files. Backups can also give a victim a means of restoring content without any need for reversing (AKA decrypting) the Atom Ransomware's encryption attack. Free decryption tools are sometimes made available to the public, but the difficulty of decoding can vary dramatically between the different Trojan families.

Updates like the Atom Ransomware show vulnerability on the part of a Trojan's creators but also stress the need for due diligence on the part of PC owners. Outdated security software can have issues with removing the Atom Ransomware or other minor variants of old threats. Keep your software current so that your PC's security keeps pace with the updates of any threat campaigns.
