
Blower Ransomware

Posted: February 6, 2019

The Blower Ransomware is part of the STOP Ransomware family. Its attacks lock your files and create text files that demand money for unlocking them. A well-maintained backup can keep your digital media from being held hostage, and most anti-malware products should find and delete the Blower Ransomware by default.

Fresh Trojans for Blowing Your Files Away

The Djvu Ransomware branch of the STOP Ransomware family is continuing its growth into February after the Trojan's appearance earlier in the year. These file-locker Trojans are a more recent innovation than older competition like Hidden Tear, but are, apparently, just as competitive. Members of this family for comparison and contrast include the '.WHY File Extension' Ransomware, the INFOWAIT Ransomware and, as of February, the Blower Ransomware.

While its infection techniques remain unidentified, malware researchers are verifying the Blower Ransomware's live attacks against users, which 'lock' files in order to ransom them. The Blower Ransomware can securely encode the user's documents, photos, and other media with AES encryption, which it protects with a custom RSA key that it transfers to the threat actor. The users then have the choice of paying the ransom fee that the criminal asks for in his 'readme' file (nearly one thousand USD) or finding another way of recovering their content.

The Blower Ransomware uses a slightly altered ransom note and, most obviously, appends '.blower' extensions onto the filenames. Other characteristics, such as deleting backups, displaying pop-ups, and additional security issues, are endemic to the STOP Ransomware family and to file-locking Trojans in general. However, malware experts find only Windows users to be vulnerable to attacks from this family.

Stopping an Enterprise of Sabotaging Digital Media

Campaigns by file-locker Trojans usually focus on spam e-mails or brute-forced logins as the preferred strategies for compromising business or even government networks. In many cases, malware experts connect attacks to server administrators using weak passwords, or to users opening corrupted Adobe PDF or Word documents. Elsewhere, average users could infect their machines by interacting with torrents and other disguised, unsafe Web-browsing content.

There is no publicly available decryption utility for unlocking the files that the STOP Ransomware family attacks. Since a strong encryption strategy is easy to program and implement, malware experts recommend that most users depend on establishing secure and non-local backups instead of hoping for a decryptor. High-quality anti-malware tools are, as usual, helpful for removing the Blower Ransomware, ideally before any attack takes place.
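When restoring from backups, it helps to know how many files carry the appended '.blower' extension and roughly when they were rewritten. The following is an added example, not code from the original article: it inventories a directory tree and reports the modification-time window, assuming (as a rough guide only) that a file's modification time reflects when it was locked; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".blower"  # extension the article says is appended to filenames


def inventory(root):
    """Walk root and summarise files that carry the appended extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append({
                "path": str(path),
                "original_name": name[:-len(LOCKED_EXT)],  # name to look for in backups
                "mtime": mtime,
            })
    by_dir = {}
    for h in hits:
        folder = os.path.dirname(h["path"])
        by_dir[folder] = by_dir.get(folder, 0) + 1
    times = [h["mtime"] for h in hits]
    return {
        "count": len(hits),
        "first": min(times) if times else None,  # restore from a backup older than this
        "last": max(times) if times else None,
        "by_dir": by_dir,
        "files": sorted(hits, key=lambda h: h["mtime"]),
    }


def demo():
    """Constructed sample tree: two renamed files and one untouched file."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "docs"
        docs.mkdir()
        for name, ts in (("report.docx.blower", 1549440000),
                         ("photo.jpg.blower", 1549440060),
                         ("notes.txt", 1549000000)):
            (docs / name).write_bytes(b"x")
            os.utime(docs / name, (ts, ts))  # fixed timestamps for a repeatable result
        return inventory(tmp)


if __name__ == "__main__":
    print(demo())
```
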

The Blower Ransomware's family isn't stopping soon, and as long as users don't protect their files, its status as a profitable threat is unlikely to be challenged. Secure and update your backups monthly, weekly, or daily, as is appropriate for your files, instead of paying triple-digit sums to strangers.
