
Cat Ransomware

Posted: December 10, 2020

The Cat Ransomware is a file-locking Trojan that's a variant of the Xorist Ransomware, a freely available programming project. The Cat Ransomware attempts to stop users from opening their files by encrypting them and creates a ransom note in Cyrillic that recommends texting an SMS number for help. Users should always keep safely protected backups for recovering any files and let their PC's security solutions delete the Cat Ransomware as needed.

The Cat Came from Russia to Nip at Files

With 'freebie' programs like the Xorist Ransomware of GitHub fame, anyone in the world can pick up and deploy a Trojan without much coding knowledge. The Cat Ransomware, a new variant of that kind, seems to be from Russia – or, at least, concerns itself with attacking users in that area. Between Cyrillic text, SMS messaging, and limited recovery attempts, this Trojan-in-progress is more interesting than its family's simpler variants.

For comparison, readers might glance at the Files Fixer Ransomware, the AAC Ransomware, the Xorist-Frozen Ransomware, the Xorist-XWO Ransomware, or the YaKo Ransomware, all of which are also family members. These Trojans all target Windows systems with an encryption feature for locking documents, databases, pictures, audio and other media files. Users should note that this attack is reversible in some cases, with the help of free decryption applications.

The Cat Ransomware also adds 'cat' extensions to the files it blocks. As usual, the ransom warning it offers victims provides some clues as to the attacker's background and level of expertise. The Trojan provides Cyrillic-based instructions without English translation and warns that too many attempts at entering the decryption code will destroy the files. It also has the novelty of preferring SMS messaging for negotiations, but the number is a non-working placeholder.

Skinning a Cat without Harm to Any Media

Updates to the Cat Ransomware will, almost certainly, provide a working contact for the threat actor, who may demand anywhere from hundreds to tens of thousands of dollars – or more – in ransom. These transactions usually involve cryptocurrency, which protects the attacker from refunds by the victim. However, it also places the victim in the threatening position of risking their money for a solution they might not receive.

Besides free decryption options unique to Xorist Ransomware, users should also protect their work for recovery through secured backups. Backups on detachable devices or cloud services are safer than local ones, which most Trojans will delete or encrypt. For most file-locking Trojans, encryption isn't reversible without the threat actor's information, even with conclusive samples and the help of a dedicated cyber-security specialist.

Windows users can also guard their PCs by avoiding illegal downloads, scanning e-mail attachments, disabling features like JavaScript, RDP, or macros, and using appropriate passwords. Most anti-malware programs will also capably delete the Cat Ransomware.

Residents of Russia will have to deal with their country's history with the threat landscape sooner or later, but whatever actions they take should include well-maintained backup precautions. Without that bare minimum solution, the Cat Ransomware, or another threat just like it, will have every opportunity of turning their files into coinage.
