
Charm Ransomware

Posted: October 18, 2018

The Charm Ransomware is a file-locker Trojan that can harm your digital media by encrypting it and keeping the decryption key for a ransom payment. Its attacks also generate Notepad-based demands, including a time limit on paying, and may induce symptoms such as wallpaper-hijackings or the deletion of the Windows System Restore points. Let your anti-malware products protect your PC by removing the Charm Ransomware once they identify it, and recover any 'locked' files with backups or free decryption solutions.

An Uncharming Server Problem

A victim is providing some statistics on a new file-locker Trojan whose family, if it exists, malware analysts have yet to ascertain. The threat, the Charm Ransomware, is targeting the vulnerable servers of businesses and other at-risk entities with any media worth ransoming, seemingly including NGOs. The single victim is in the US and, as usual, is using the Windows OS, which provides a broad clue to the Charm Ransomware's overall software compatibility.

The Charm Ransomware uses an unknown encryption method that, at a minimum, targets Adobe PDF documents, and also may harm other types of media, such as Word's DOCs, Excel's XLS spreadsheets, ZIP and RAR archives or pictures like GIFs and JPGs. The Charm Ransomware also tags each file that it locks with an extra '.charm' extension, which doesn't remove any previous one. Since this encryption sequence may or may not be breakable, malware experts heavily endorse keeping backups of the contents of any PC on other devices for their safety.
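Because the '.charm' tag is appended and the earlier extension stays in place, an affected share can be inventoried by file name alone. The following is an added triage example, not part of the original post: it walks a directory, lists the original paths to pull from backup and tallies the locked files by original type. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".charm"  # extension the page says is appended to locked files


def original_name(name, marker=MARKER):
    """Return the pre-encryption file name, or None if the name is not tagged."""
    if not name.lower().endswith(marker) or len(name) == len(marker):
        return None  # untagged, or a file literally named ".charm"
    return name[: -len(marker)]


def inventory(root, marker=MARKER):
    """Walk root and build a restore list plus a per-type tally of locked files."""
    root = Path(root)
    restore, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name, marker)
            if orig is None:
                continue
            rel = (Path(dirpath) / orig).relative_to(root)
            restore.append(rel.as_posix())
            # The earlier extension survives, so the original type is recoverable.
            by_type[Path(orig).suffix.lower() or "(none)"] += 1
    return sorted(restore), dict(by_type)


def demo():
    """Constructed sample tree standing in for an affected file share."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ["docs/report.pdf.charm", "docs/budget.xls.CHARM",
                    "docs/notes.txt", "img/logo.jpg.charm", "README.charm"]:
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        return inventory(tmp)


if __name__ == "__main__":
    paths, tally = demo()
    print(tally)
    for p in paths:
        print("restore from backup:", p)
```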

The one additional symptom that malware experts are confirming is the Charm Ransomware's use of a Notepad ransoming message, which may place it in a preexisting family like Hidden Tear or the Scarab Ransomware. The note gives the user a contact address and some ransoming details: a seven-week limit before the threat actor deletes the key, as well as a stated preference for Bitcoin-based payment. The price is unknown, which may be the author attempting to obscure any variability between the 'customers.'

Getting Out from Under the Charms of a Trojan

While the Charm Ransomware's threat actor insists on English-speaking negotiations, the Charm Ransomware's ransoming message contains obvious grammar errors and could be a byproduct of an automatic translator application. However, using English makes the payload compatible with targets throughout the world, and is typical of both eastern-based threats, like the Scarab Ransomware family, and North American ones, like the Jigsaw Ransomware and EDA2. Criminals occasionally take their ransoms without giving a real or workable decryption service back, which is why paying the fee is suggested, if at all, only as a last resort.

Brute-force attacks are an endemic infection vector for business networks and server infrastructure. Avoiding weak passwords and user login names can reduce, if not eliminate, the exposure of any server's admin account to brute-forcing. Admins also should stay alert to any issues with Remote Desktop settings, which are often related to file-locker Trojan infections. Victims should attend to these issues and recover their files after removing the Charm Ransomware with any trusted brand of anti-malware solution.

While malware experts have yet to track the expenses and profits of the Charm Ransomware's campaign, the campaign is another justification for keeping your backups in an updated state. The value of a server's contents could be in the eye of the beholder, but that gaze can just as easily belong to a criminal.
