The Cat Ransomware is a file-locking Trojan that's a variant of the Xorist Ransomware, a freely available programming project. The Cat Ransomware attempts to stop users from opening their files by encrypting them and creates a ransom note in Cyrillic that recommends texting an SMS number for help. Users should always keep safely protected backups for recovering any files and let their PC's security solutions delete the Cat Ransomware as needed.
The Cat Came from Russia to Nip at Files
With 'freebie' programs like the Xorist Ransomware of GitHub fame, anyone in the world can pick up and deploy a Trojan without much coding knowledge. The Cat Ransomware, a new variant of that kind, seems to be from Russia – or, at least, concerns itself with attacking users in that area. Between Cyrillic text, SMS messaging, and limited recovery attempts, this Trojan-in-progress is more interesting than its family's simpler variants.
For comparison, readers might glance at the Files Fixer Ransomware, the AAC Ransomware, the Xorist-Frozen Ransomware, the Xorist-XWO Ransomware, or the YaKo Ransomware, all of which are also family members. These Trojans all target Windows systems with an encryption feature for locking documents, databases, pictures, audio and other media files. Users should note that this attack is reversible in some cases, with the help of free decryption applications.
The Cat Ransomware also adds 'cat' extensions onto the files it blocks. As usual, the ransom warning it offers victims provides some clues as to the attacker's background and level of expertise. The Trojan provides Cyrillic-based instructions without English translation and warns that too many attempts at entering the decryption code will destroy the files. It also has the novelty of preferring SMS messaging for negotiations, but the number is a non-working placeholder.
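A triage sketch for the renaming behaviour described above, added here as an example and not taken from the original article or any vendor tool: it lists files carrying an appended 'cat' extension and checks whether the original format's leading bytes survive. The exact `.cat` suffix form, the magic-byte table and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading magic bytes for a few file classes the article lists
# (documents, pictures, audio). Constructed table, not exhaustive.
MAGIC = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".mp3": [b"ID3", b"\xff\xfb"],
}
SUFFIX = ".cat"  # assumption: marker is appended after the original extension

def classify(path):
    """Return (inner_ext, status) for '<name>.<ext>.cat', else None."""
    name = os.path.basename(path).lower()
    if not name.endswith(SUFFIX):
        return None
    inner = os.path.splitext(name[: -len(SUFFIX)])[1]
    if inner not in MAGIC:
        return None  # plain 'foo.cat' is also a Windows catalog file name
    with open(path, "rb") as fh:
        head = fh.read(16)
    intact = any(head.startswith(m) for m in MAGIC[inner])
    return inner, ("header-intact" if intact else "header-destroyed")

def triage(root):
    """Walk root; list marked files and whether their header survived."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            result = classify(full)
            if result:
                found.append((os.path.relpath(full, root), *result))
    return sorted(found)

def demo():
    """Triage a constructed sample tree (no real malware output involved)."""
    samples = {
        "report.pdf.cat": b"\x8a\x11\x04\x9c junk",  # header overwritten
        "photo.png.cat": b"\x89PNG\r\n\x1a\n data",  # header still valid
        "driver.cat": b"0\x82 catalog",              # not a double extension
        "notes.pdf": b"%PDF-1.7",                    # unmarked file
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)
```

A destroyed header is only a heuristic sign that the content was encrypted, so the resulting list is best used as an inventory of what to restore from backup.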
Skinning a Cat without Harm to Any Media
Updates to the Cat Ransomware will, almost certainly, provide a working contact for the threat actor, who may demand anywhere from hundreds to tens of thousands of dollars, or more, in ransom. These transactions usually involve cryptocurrency, which protects the attacker from refunds by the victim. However, it also places the victim in the threatening position of risking their money for a solution they might not receive.
Besides free decryption options unique to Xorist Ransomware, users should also protect their work for recovery through secured backups. Backups on detachable devices or cloud services are safer than local ones, which most Trojans will delete or encrypt. For most file-locking Trojans, encryption isn't reversible without the threat actor's information, even with conclusive samples and the help of a dedicated cyber-security specialist.
Residents of Russia will have to deal with their country's history with the threat landscape sooner or later, but whatever actions they take should include well-maintained backup precautions. Without that bare minimum solution, the Cat Ransomware, or another threat just like it, will have every opportunity of turning their files into coinage.