
Aurora Ransomware

Posted: May 30, 2018


The Aurora Ransomware or OneKeyLocker Ransomware is a file-locking Trojan that encrypts the data in your files so that they can no longer be opened in their associated programs. Symptoms besides non-working documents and other media include automatic changes to filenames and the presence of text messages asking for money in return for a decryption key. Keep backups whenever possible to minimize the chance of damage to your files, and let your anti-malware software remove the Aurora Ransomware once it identifies it.

The Dawn of Another Data-Capturing Campaign

A sample of a file-locker Trojan previously under analysis by the cyber-security industry is now showing indications of progress toward live deployment in the wild. The Aurora Ransomware's authors are providing the threat with an operational Command and Control server that could handle its ransom-based cash transactions. Victims should still avoid paying, because the threat actors may well accept the payment without returning a functional decryptor.

The Aurora Ransomware uses the less traditional, but still viable, DES algorithm for locking the files of its victims. The encryption attack may include searches through network-accessible folders or portable devices, and malware experts single out text documents, pictures (such as JPG or GIF), and Microsoft Office and Adobe-related media as especially at risk. Although the attack shows few symptoms while it runs, the '.Aurora' extension that it appends to filenames afterward can help the user tell which content is or isn't encrypted.

For unclear reasons, the Aurora Ransomware creates a series of identical ransom messages, distinguished only by numbers in their names. All of them ask for 500 USD in Bitcoins and tell users to contact the threat actor's e-mail address for more information on unlocking their files. Malware experts have not yet determined whether the Bitcoin wallet has collected any money.
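As an added defensive triage example (not code from the article or from any analysis of the sample): a script that inventories files carrying the '.Aurora' extension and groups byte-identical files whose names differ only by a number, the dropped-note pattern described above. The note filenames ('readme1.txt' and so on) and the directory layout it builds are constructed assumptions; the article gives no real names.

```python
import hashlib
import os
import re
import tempfile

AURORA_EXT = ".aurora"       # extension the article reports; matched case-insensitively
DIGITS = re.compile(r"\d+")  # assumption: the dropped notes' names differ only by a number

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def triage(root):
    """Return (encrypted_files, note_groups): paths ending in '.Aurora', and
    {(name_pattern, sha256): [paths]} for 2+ byte-identical files whose names
    differ only by digits, i.e. the dropped-note pattern the article describes."""
    encrypted, groups = [], {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(AURORA_EXT):
                encrypted.append(path)
            elif DIGITS.search(name):
                key = (DIGITS.sub("#", name), sha256_of(path))
                groups.setdefault(key, []).append(path)
    notes = {k: sorted(v) for k, v in groups.items() if len(v) > 1}
    return sorted(encrypted), notes

def build_sample(root):
    # Constructed directory layout mimicking a post-infection host.
    os.makedirs(os.path.join(root, "docs"))
    for name in ("budget.xlsx.Aurora", "docs/photo.jpg.Aurora"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(b"\x00constructed ciphertext placeholder\x00")
    for i in (1, 2, 3):  # constructed note names; the real ones are not given
        with open(os.path.join(root, f"readme{i}.txt"), "w") as f:
            f.write("Your files are encrypted. Pay 500 USD in Bitcoin.\n")
    with open(os.path.join(root, "docs", "notes.txt"), "w") as f:
        f.write("unrelated, untouched file\n")

def run_demo():
    # Build the sample tree in a temporary directory and triage it.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return triage(tmp)

if __name__ == "__main__":
    enc, notes = run_demo()
    print(f"{len(enc)} encrypted file(s); {len(notes)} identical-note group(s)")
```

Point `triage()` at a real volume to get an inventory of encrypted files for restoration from backup and one copy of each distinct note for the incident record.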

Casting Light on the Panacea for File-Ransoming Attacks

The executable that installs and runs the Aurora Ransomware, 'List.exe' (which, possibly, is an attempt at a disguise related to spam e-mails), also establishes a connection for downloading a second component of the Trojan ('Hack.exe'). Users who disable their network connections in time may prevent the Trojan's installation. Many anti-malware programs also detect the Aurora Ransomware's installer under the generic label of Filecoder. Malware experts also connect the campaign with a variety of Russian Web domains, only some of which are non-operational at the time of this article's writing.

The Aurora Ransomware's ransom notes claim that the Trojan uses RSA-248 as its sole encryption method, which is possible but unlikely, given how long such a data-encrypting process would take. Threat actors often make erroneous claims about the security of their encryption routines; regardless, malware experts strongly encourage keeping backups, which makes the issue irrelevant. While anti-malware programs don't decrypt media, they can delete the Aurora Ransomware securely.

The Aurora Ransomware is one of countless Trojans ramping up their Web infrastructure for attacking PCs one file at a time. Even though the Aurora Ransomware is under analysis as a single Trojan and campaign, as part of a trend its existence emphasizes the value of all the security steps malware experts already endorse daily.
