
CoderWare Ransomware

Posted: November 27, 2020

The CoderWare Ransomware is a file-locking Trojan that is independent of the Ransomware-as-a-Service and open-source families. Like most threats of this type, it blocks media such as documents through encryption and delivers ransom messages in pop-ups and text readme files. Windows users should keep backups for recovering without paying and let their choice of cyber-security service uninstall the CoderWare Ransomware where appropriate.

A Coder's Talents Put to the Worst of Uses

Following the sensationalist template established by Trojans like the Jigsaw Ransomware and the WannaCryptor Ransomware, new campaigns continue to appear in the threat landscape, using flashy pop-ups as the exclamation points to their attacks. The CoderWare Ransomware is, perhaps surprisingly, not a relative of any older family that shares the encryption-for-extortion attack plan, although it resembles them in structure. Like similar crime sprees, it leans on time pressure to prod users into acting rashly for the benefit of the programmer's Bitcoin wallet.

The CoderWare Ransomware uses encryption of unknown strength to block media files on Windows systems, including recreational content like music or pictures and more workplace-pertinent formats such as databases and documents. It also adds a 'DEMON' extension to the end of each file's name, the traditional way that file-locking Trojans differentiate their campaigns. Malware experts observe no other advanced attack features, such as disabling security software or blocking websites, at this time.

Once the encryption finishes, the CoderWare Ransomware generates a difficult-to-miss pop-up window and an identical message in a Notepad TXT file. The threat actor frightens victims with a ten-hour countdown in the pop-up, similar to the Jigsaw Ransomware, and provides a Bitcoin address after demanding one thousand USD in cryptocurrency for help with file recovery. Since the strength of the CoderWare Ransomware's encryption is unknown, decryption with third-party assistance may or may not be possible. Malware experts also point out that current samples do not delete Restore Points, a crucial weakness in the Trojan's extortion model: Restore Points themselves cover system files and settings, but the same Volume Shadow Copy Service also backs the 'Previous Versions' feature for user files, so shadow copies that survive the attack may let victims recover files without the decryption tool. Victims should check for them before anything else touches the disk.

Illicit Gaming Bites Back at Its Participants

Although the CoderWare Ransomware's wallet shows signs of activity, no transactions, so far, match the Trojan's ransom demand. The address could be for other, equally-illicit activities or for the amateur programmer's personal use. In most cases, victims should avoid paying, since payment carries no certainty of receiving the threat actor's file-restoring decryption tool.

Malware researchers also find a striking element in the CoderWare Ransomware samples: executable file names referencing 'Cyberpunk 2077,' a hotly-anticipated upcoming game by CD Projekt. Like some versions of the STOP Ransomware family and other threats, the CoderWare Ransomware may capitalize on demand for illegally-downloaded content to trick users into infecting their PCs. In such scenarios, torrent networks are the usual culprit, although Web surfers might also encounter a CoderWare Ransomware lure on a software piracy-themed website.
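A first-response triage script for the infection described in the two sections above, added here as an example; it is not code from the page or from the Trojan's author. It assumes, since the page does not say, that locked files carry a literal '.DEMON' suffix, that the ransom note is a .txt file written beside them, that the lure executable's name contains 'Cyberpunk 2077', and that it runs from an elevated Windows PowerShell 5.1 session on the affected host. The $Roots default, the $NoteWindowMinutes slack and the '*Cyberpunk*2077*' name pattern are choices made for this example, not published indicators.

```powershell
<#
 Added incident-triage example for the CoderWare Ransomware infection described above.
 Not code from the page or from the Trojan's author. Assumptions the page does not state:
 locked files carry a literal ".DEMON" suffix, the ransom note is a .txt dropped beside
 them, and the lure executable's name contains "Cyberpunk 2077". Run in an elevated
 Windows PowerShell 5.1 session, ideally after the disk has been imaged.
#>
param(
    [string[]]$Roots = @($env:USERPROFILE),  # example default; add data drives as needed
    [string]$LockedSuffix = '.DEMON',        # assumed form of the extension
    [int]$NoteWindowMinutes = 30             # assumed slack around the encryption window
)

function Get-LockedFiles {
    param([string[]]$Paths, [string]$Suffix)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-ChildItem -LiteralPath $p -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name.EndsWith($Suffix, [System.StringComparison]::OrdinalIgnoreCase) } |
            Select-Object FullName, DirectoryName, Length, LastWriteTime,
                @{ Name = 'OriginalName'; Expression = { $_.Name.Substring(0, $_.Name.Length - $Suffix.Length) } }
    }
}

# 1. Inventory the locked files; the suffix is the only file-level indicator the page reports.
#    OriginalName records what each file should be called again after recovery.
$locked = @(Get-LockedFiles -Paths $Roots -Suffix $LockedSuffix)
"Locked files found: $($locked.Count)"
$locked | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

if ($locked.Count -gt 0) {
    $sorted = @($locked | Sort-Object LastWriteTime)
    $first  = $sorted[0].LastWriteTime
    $last   = $sorted[-1].LastWriteTime
    "Encryption window: $first -> $last"

    # 2. Candidate ransom notes: the page says the pop-up text is also written to a Notepad
    #    TXT but not under what name, so look for .txt files written inside the encryption
    #    window in folders that also contain locked files.
    $notes = foreach ($d in ($locked.DirectoryName | Sort-Object -Unique)) {
        Get-ChildItem -LiteralPath $d -Filter '*.txt' -File -ErrorAction SilentlyContinue |
            Where-Object {
                $_.LastWriteTime -ge $first.AddMinutes(-$NoteWindowMinutes) -and
                $_.LastWriteTime -le $last.AddMinutes($NoteWindowMinutes)
            }
    }
    "Candidate ransom notes:"
    $notes | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
}

# 3. Recovery options. Current samples reportedly leave Restore Points alone. Restore Points
#    protect system files and settings, but the Volume Shadow Copy Service behind them also
#    backs "Previous Versions" of user files, so record what survives before anything else
#    touches the disk (a newer build or a cleanup step could still remove them).
"Restore points:"
try {
    Get-ComputerRestorePoint -ErrorAction Stop |
        Select-Object SequenceNumber, CreationTime, Description | Format-Table -AutoSize
} catch {
    "Get-ComputerRestorePoint failed (needs Windows PowerShell 5.1 and elevation): $($_.Exception.Message)"
}
"Volume shadow copies:"
Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue |
    Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize

# 4. Likely dropper: executables named after the game the campaign uses as bait. The name
#    pattern is an assumption for this example, not a published indicator. Hash the files
#    for your AV vendor or incident ticket rather than running or deleting them.
$lures = foreach ($p in $Roots) {
    Get-ChildItem -LiteralPath $p -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { ($_.Extension -in @('.exe', '.scr')) -and ($_.BaseName -like '*Cyberpunk*2077*') }
}
"Lure executables:"
$lures | ForEach-Object {
    [pscustomobject]@{
        Path   = $_.FullName
        Size   = $_.Length
        SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Format-List
```

The script only reads; it deletes nothing and restores nothing, so it is safe to run before the decision on how to recover. If step 3 shows intact shadow copies, the 'Previous Versions' tab on the affected folders (or a restore from offline backups) is the next step, and the OriginalName column from step 1 is the checklist for confirming that every locked file came back. Treat the hashes from step 4 as the sample to hand to your anti-malware vendor.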

Law-abiding download behavior naturally limits exposure to drive-by downloads, bundled Trojans, and similar tactics. Malware experts also encourage diligent use of backups on separate storage devices or PCs for restoring anything that the CoderWare Ransomware attacks. Dedicated anti-malware services can also delete the CoderWare Ransomware and protect data from encryption, provided that they are active at the time of the attack.

The CoderWare Ransomware uses well-known facts about PC users' psychology to turn their minds into stepping stones toward Bitcoins. This Trojan's campaign shows that anyone treating their computer as a toy for casual crime is, poetically, likelier to expose themselves to the 'wrong' sort of criminal behavior in exchange.
