
Cago Ransomware

Posted: July 2, 2019

The Cago Ransomware is a file-locking Trojan that can block access to your PC's content, such as documents, image galleries, or music, by encrypting the files. Although its family, if any, isn't confirmed, properly implemented encryption is not breakable in practice, and users shouldn't assume that a free decryption service will become available. Anti-malware tools can protect your PC by blocking or removing the Cago Ransomware, and backups can streamline the recovery process.

Trojans with Questionable Language for Your Files

There's an ongoing investigation into a new file-locking Trojan, which a Russian AV vendor tentatively classifies as a variant of the DCRTR-WDM Ransomware family. However, its symptoms are similar to those of many threats, including unrelated ones like the Troldesh Ransomware. What malware experts can say with confidence is that this Trojan endangers files with encryption that can keep them in a possibly permanent state of captivity.

Text documents, spreadsheets, archives, music, and pictures are examples of the formats most at risk from this data-encrypting function. Users can determine which content is in this locked state by looking at the file name, which should bear an added 'CAGO' extension in all caps. While the term is a Spanish vulgarity, the Cago Ransomware's ransom message, the main evidence for its possible lineage, is in English.

Malware experts recommend against using ransom notes as the sole identifiers of any file-locking Trojan, since many families share or partially recycle the instructions of other ones. However, the Cago Ransomware does leave one critical clue in its attempt at extortion: the use of a Foxmail account, a service that is especially prominent in China. File-locking Trojans in this region commonly arrive through infection vectors such as mislabeled torrents, scanning for servers with vulnerable configurations or weak credentials, and e-mail attachments.
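As an added example (not code from the original page, from the Trojan, or from any AV vendor), the following Python script shows how a responder would triage a machine for the two symptoms described above: it walks a directory tree, collects every file carrying the 'CAGO' extension, measures the byte entropy of each one to confirm it was actually encrypted rather than merely renamed, and flags any readable file that contains a Foxmail contact address, the ransom-note clue noted above. The dotted '.CAGO' suffix, the entropy threshold, the note filename and address, and every sample file the script creates are assumptions constructed for the demonstration.

```python
"""Added example: offline triage of a suspected Cago Ransomware infection.

Constructed for this article; nothing here is the Trojan's own code or an
AV vendor's signature. Assumptions are marked in comments.
"""
import math
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".CAGO"   # assumption: extension appended with a dot, in caps
ENTROPY_THRESHOLD = 7.0   # bits per byte; ciphertext nears 8.0, text sits near 4-5
# Any Foxmail address in a readable file is treated as a ransom-note indicator.
FOXMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@foxmail\.com", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(root) -> dict:
    """Walk `root`, separating locked files from likely ransom notes."""
    root = Path(root)
    locked, notes = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if path.name.upper().endswith(LOCKED_SUFFIX):
            original = path.name[: -len(LOCKED_SUFFIX)]
            ent = shannon_entropy(data)
            locked.append({
                "path": rel,
                "original": original,
                "entropy": round(ent, 2),
                # A renamed-but-readable file is not encrypted; don't count it as lost.
                "looks_encrypted": ent >= ENTROPY_THRESHOLD,
            })
        else:
            contacts = sorted({m.decode() for m in FOXMAIL_RE.findall(data)})
            if contacts:
                notes.append({"path": rel, "contacts": contacts})
    by_ext = Counter(Path(f["original"]).suffix.lower() for f in locked)
    return {"locked": locked, "notes": notes, "original_extensions": by_ext}


def build_sample_tree(root) -> None:
    """Create a constructed victim directory (sample data, not real captures)."""
    root = Path(root)
    rng = random.Random(2019)  # deterministic stand-in for ciphertext

    def cipher(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    (root / "docs").mkdir()
    (root / "music").mkdir()
    (root / "docs" / "report.docx.CAGO").write_bytes(cipher(4096))
    (root / "music" / "song.mp3.CAGO").write_bytes(cipher(4096))
    # Decoy: renamed only, contents still plaintext.
    (root / "docs" / "notes.txt.CAGO").write_bytes(b"only renamed, never encrypted. " * 50)
    (root / "docs" / "untouched.pdf").write_bytes(b"%PDF-1.4\n% clean file\n")
    # Hypothetical note name and address, constructed for the example.
    (root / "HOW_TO_RESTORE.txt").write_bytes(
        b"Your files are encrypted.\nWrite to decrypt-help@foxmail.com\n")


def run_demo() -> dict:
    """Build the sample tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage(tmp)


if __name__ == "__main__":
    result = run_demo()
    for f in result["locked"]:
        print(f"{f['path']:28} entropy={f['entropy']:.2f} encrypted={f['looks_encrypted']}")
    for n in result["notes"]:
        print(f"ransom note: {n['path']} -> {', '.join(n['contacts'])}")
    print("original extensions hit:", dict(result["original_extensions"]))
```

The entropy check is what separates a real loss from a scare: a file that only had the extension appended still reads as ordinary text (around 4 bits per byte) and can simply be renamed back, whereas genuinely encrypted content sits close to 8 bits per byte. The extension tally at the end gives a quick view of which of the at-risk formats (documents, music, archives) the infection actually reached.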

Rescuing Your Media without the Ransoming

Extortion such as the Cago Ransomware's attack succeeds with the indirect help of the victim, who trusts that paying the criminal will restore their files, even though, in most cases, there's no evidence that the attacker delivers a working decryptor. Users are responsible for protecting their media through well-proven methods, such as keeping a backup on a portable drive or a cloud service that isn't left connected to the PC. Network-attached storage and the Shadow Volume Copies are less reliable, since many file-locking Trojans reach network shares and delete the Shadow Volume Copies, but they may offer a recovery path for a minority of infections.

Users also can prevent infections through well-proven strategies and best practices. Avoiding illicit downloads, scanning e-mail attachments, disabling document macros, turning off your browser's Flash and JavaScript, and using strong, unique credentials for logging into accounts and servers all are relevant defenses. Anti-malware products, if active, should detect the Trojan at the time of infection and may uninstall the Cago Ransomware while scanning your computer.

Whether the Cago Ransomware limits itself to China's borders or not is, unfortunately, of little relevance to potential victims. A PC owner who isn't guarding their work will get taken advantage of sooner or later, if not by the Cago Ransomware, then by one of its hundreds of competitors.
