AutoTRON Ransomware
The AutoTRON Ransomware (a separate threat from the Tron Ransomware) is a file-locker Trojan that uses AutoIT scripts and encryption to block your documents, pictures and other media. Besides preventing your files from opening, the AutoTRON Ransomware also modifies their extensions and creates text-based warnings asking for money in exchange for the unlocking solution. Victims should recover their data via any of several free methods and use anti-malware products to uninstall the AutoTRON Ransomware.
Your Favorite Movie is, Once Again, Locking Your Files
In an act that further confuses the identities of some file-locking campaigns and their corresponding decryption solutions, a threat actor is using the same 'Tron' movie brand as the Tron Ransomware campaign to launch a brand-new Trojan with similar attacks, the AutoTRON Ransomware. Unlike the Russia-avoiding Tron Ransomware, the AutoTRON Ransomware is built on a central body of free AutoIT scripts, much like the RedBoot Ransomware, the Mircop Ransomware family, the Schwerer Ransomware or the file size-filtering CryptoWire Ransomware. Its limited amount of independent code implies that its author has minimal experience with the Black Hat programming industry.
While the AutoTRON Ransomware's code is inefficient and uses a series of separate loops to attack different file formats and folders, the data-encrypting feature is otherwise workable and does prevent the user from opening Word documents, Adobe documents, MP3 sound clips and program executables, as well as other data types. The AutoTRON Ransomware appends a '.TRON' extension to each file name in a format that doesn't remove the original extension (for instance, 'popular-song.mp3.TRON').
The AutoTRON Ransomware's author also provides a Notepad ransom note to any victims. This text file uses a format very similar to those of other campaigns, although its changes include typos and unusual stylistic choices. The threat actors ask for Bitcoins in exchange for a decryption service that unlocks your files, although malware experts don't recommend paying and note that the message doesn't provide a firm price.
Automatic Solutions to AutoIT Trojans
The AutoTRON Ransomware provides 'free' decryption of up to eleven files, which some users may wish to test before taking other steps. However, malware experts are verifying that the AutoTRON Ransomware's encryption method omits the conventional AES and RSA protection, and any files should be recoverable with the help of any programmer or cyber-security researcher with a minimum of cryptography experience. This solution is unavailable for some similar file-locking threats, and users should consider backing up any files in danger of permanent encryption.
Along with keeping backups of your media on cloud servers or removable storage devices, you may also detect and remove file-locking threats like the AutoTRON Ransomware before they attack your data. Since this Trojan possesses no significant code obfuscation or other defenses, most anti-malware products should delete the AutoTRON Ransomware before it installs itself. Unfortunately, malware researchers have yet to find evidence of how the Trojan's campaign handles its distribution, which may occur over spam e-mails, malvertising, brute-force attacks or other methods.
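As an added example (not part of the original write-up or of any vendor tool), the Python script below uses the appended '.TRON' naming format described above to inventory renamed files and check which originals exist in a backup copy. The case-insensitive match, the mirrored backup layout and all function names are assumptions, and the sample directory tree is constructed.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".TRON"  # appended extension reported on this page

def original_name(name):
    """Strip the appended marker; return None if the file name does not carry it."""
    if len(name) > len(MARKER) and name.upper().endswith(MARKER):
        return name[:-len(MARKER)]
    return None

def restore_plan(live_root, backup_root):
    """Map each renamed file to its backup copy (or None) and count original types."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    plan, by_ext = {}, Counter()
    for dirpath, _dirs, files in os.walk(live_root):
        for fname in files:
            orig = original_name(fname)
            if orig is None:
                continue  # not renamed; nothing to restore
            locked = Path(dirpath) / fname
            rel = locked.relative_to(live_root).with_name(orig)
            candidate = backup_root / rel  # assumption: backup mirrors the live layout
            plan[rel.as_posix()] = candidate if candidate.is_file() else None
            by_ext[Path(orig).suffix.lower() or "(none)"] += 1
    return plan, by_ext

def build_sample(base):
    """Constructed sample data: a live tree with renamed files and a partial backup."""
    live, backup = Path(base) / "live", Path(base) / "backup"
    for rel in ("music/popular-song.mp3.TRON", "docs/report.docx.TRON", "docs/notes.txt"):
        p = live / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed placeholder")
    good = backup / "music/popular-song.mp3"
    good.parent.mkdir(parents=True, exist_ok=True)
    good.write_bytes(b"constructed placeholder")
    return live, backup

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = build_sample(tmp)
        plan, by_ext = restore_plan(live, backup)
        for rel, src in sorted(plan.items()):
            print(f"{rel}: {'restore from ' + str(src) if src else 'NO BACKUP COPY'}")
        print(dict(by_ext))
```

Files reported without a backup copy are the ones worth preserving in their locked form for later recovery work.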
Programming resources are free to anyone with the motivation to look for them, which makes building Trojans like the AutoTRON Ransomware a straightforward job. Since the con artists can cause significant data loss by doing hardly any work at all, PC users will need to work that much harder to protect the files that matter to them.