Home Malware Programs Ransomware '.cekisan File Extension' Ransomware

'.cekisan File Extension' Ransomware

Posted: February 21, 2019

The '.cekisan File Extension' Ransomware is a Windows variant of the '.snatch File Extension' Ransomware. The file-locking Trojan can block your media content, such as documents, one-by-one by encrypting them, as well as adding unwanted extensions and depositing ransoming demands. Having backups available on other devices can render this extortion ineffective, and most anti-malware tools should block or remove the '.cekisan File Extension' Ransomware from your PC.

A Little Trojan Family Grows Bit by Bit

The '.snatch File Extension' Ransomware, the family of file-locker Trojans originally notable for attacks against OS X is showing itself just as adept at harming the files of Windows users increasingly. Besides the slightly older '.Jupstb File Extension' Ransomware, malware analysts are granting membership to another, Windows-specific variant: the '.cekisan File Extension' Ransomware. Since the majority of the '.cekisan File Extension' Ransomware's symptoms are archetypal of its threat type, this identification boils down to its implanting the same marker data into the data that it locks.

This locking behavior uses a file-by-file encryption routine that can occur with few to no symptoms, as a background process. Some builds of the '.cekisan File Extension' Ransomware may display undisguised CMD windows that would prove irrelevant for cases where the threat actor plans on launching it personally. After the '.cekisan File Extension' Ransomware proceeds with blocking documents, pictures, and other content, it also creates Notepad text messages and changes the account's wallpaper.

Because investigations on this family's decryption chances are ongoing, victims may consider providing samples to appropriate cyber-security specialists for their help. However, malware experts advise against following the ransoming instructions in the '.cekisan File Extension' Ransomware's text file, which can lead to permanent forfeiture of cryptocurrency or cash-equivalent vouchers without getting an unlocker for the trouble. Any valuable data on your PC always should have at least one backup on another form of storage, such as a cloud server or USB.

Blocking the World's Files, One Country at a Time

The first release of this family, the '.snatch File Extension' Ransomware, targeted Saudi Arabian systems, but the '.cekisan File Extension' Ransomware is showing that a nation of residence is no protection from its attacks. This variant of the threat is infecting Russian PCs. Due to the diversity of systems under attack, so far, malware researchers are estimating that threat actors are either circulating installers through opportunistic strategies, such as misnamed torrents or using targeted attacks. The latter can consist of brute-forcing insecure logins and sending e-mail messages, usually, with corrupted documents attached.

The defenses that were worthwhile against the '.snatch File Extension' Ransomware and the '.Jupstb File Extension' Ransomware previously should be no less appropriate for the '.cekisan File Extension' Ransomware. Users can disable Java, JavaScript and Flash for improving their browser's safety, avoid enabling Word macros for improving the security of unexpected documents, and change passwords for avoiding brute-force attacks easily. Without a public decryptor, malware experts only can emphasize the need to have anti-malware protection for deleting the '.cekisan File Extension' Ransomware before it can harm any files en masse.

The '.cekisan File Extension' Ransomware is fast-proving that its family, however small it might be, is a global concern for anyone with monetarily-valuable files on their computers. Unfortunately, it is only one of many possibilities for those who don't store their work with all due caution.

Loading...