Cammora Ransomware

Posted: March 4, 2019

The Cammora Ransomware is a file-locking Trojan from the GarrantyDecrypt Ransomware family. It harms your files and prevents them from opening by encrypting their data, which is, in theory, reversible with the threat actor's help. Users can back up their files to keep documents and other media safe, and use anti-malware products to stop these attacks or to remove the Cammora Ransomware after one happens.

The GarrantyDecrypt Ransomware Comes Back for More Money

The GarrantyDecrypt Ransomware is one of the younger families of file-locker Trojans, but its development team is slowly bringing it level with competing Trojans. New entries into that family since its 2018 introduction include the COSANOSTRA Ransomware, the 'secureserver-eu@protonmail.com' Ransomware, the 'decryptgarranty@airmail.cc' Ransomware, and, as of early March, the Cammora Ransomware. Victims are providing too little data for malware experts to tell how it's circulating, although recent tactics from this group use fake Proton 'server security' as a theme of their payloads.

The Cammora Ransomware locks traditional formats of digital media, such as Word or PDF documents, audio or images, by encrypting them with a secure RSA algorithm. Searching for the 'cammora' extension that it places onto the filenames will return a list of the content the Cammora Ransomware is blocking, and recovering that content requires a custom key from the threat actors. Since malware researchers find poor chances of a free decryptor's development, users should diligently maintain backups on other PCs or storage devices to keep their files out of risk.
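An added example (not part of the original write-up): a Python sketch of the extension search described above, extended to check whether each locked file still has a usable copy in a backup location. It assumes the marker is appended as the final extension (for example `report.docx.cammora`), which the page does not spell out; `inventory`, `demo` and the directory layout are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Assumption: the marker is appended as the final extension (report.docx.cammora).
LOCKED_SUFFIX = ".cammora"


def inventory(scan_root, backup_root):
    """Split locked files into those with a usable backup copy and those without."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    recoverable, missing = [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[: -len(LOCKED_SUFFIX)]
            if not original:  # a file named just ".cammora" has no original name
                continue
            rel = (Path(dirpath) / original).relative_to(scan_root)
            copy = backup_root / rel
            # A zero-byte backup copy is treated as unusable.
            if copy.is_file() and copy.stat().st_size > 0:
                recoverable.append(rel.as_posix())
            else:
                missing.append(rel.as_posix())
    return sorted(recoverable), sorted(missing)


def demo():
    """Build a constructed sample tree and run the inventory over it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        # Constructed sample data, not real victim files.
        (live / "docs" / "report.docx.cammora").write_bytes(b"\x00" * 16)
        (live / "docs" / "photo.JPG.CAMMORA").write_bytes(b"\x00" * 16)
        (live / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        (backup / "docs" / "photo.JPG").write_bytes(b"")  # empty, unusable
        return inventory(live, backup)


if __name__ == "__main__":
    ok, lost = demo()
    print("restorable from backup:", ok)
    print("no usable backup:", lost)
```

The second list is the one that matters for recovery planning: those files exist only in locked form.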

Along with the changes to the user's files, the Cammora Ransomware creates a Notepad message with its simple ransoming instructions. The victim gets little information other than the e-mail address for negotiating over the decryption help, and no preset price. Past attacks from this family, as well as those of similar file-locker Trojans, can range in ransom cost from several hundred to over a thousand USD in cryptocurrency or vouchers.

Putting a Trojan Family's Heir in the Ground

Effective defenses against file-locking Trojans require backing up any vulnerable or valuable files to other devices that the Trojan can't access during its attacks. There are historical cases of the Shadow Volume Copies remaining intact for users to retrieve their media, but that solution is statistically unreliable. Most file-locking Trojans, from the Cammora Ransomware's family and others, will remove any local backups, especially in Windows environments.

Some of the latest reports from the GarrantyDecrypt Ransomware family show that its developers are experimenting with tactics that misrepresent their ransoms as being security services from reputable companies like Proton. Its installation method, however, could be anything from a corrupted e-mail attachment to a torrent or a brute-force attack that cracks a server's login. Malware experts always recommend preemptive security guidelines such as disabling macros; beyond those, most anti-malware services should delete the Cammora Ransomware safely post-infection.

The Cammora Ransomware can only be as threatening to your files as you allow with poor data storage and security habits. Using a lazy password or not backing up your work is a quick way to place yourself on the wrong side of an extortionist situation.