
Com2 Ransomware

Posted: July 24, 2019

The Com2 Ransomware is a file-locking Trojan from the Crysis Ransomware Ransomware-as-a-Service. Infections prevent your files from opening by encrypting them and then demand a ransom for a decryption service that restores the data. Keeping separate backups is strongly recommended against this threat, although most anti-malware programs should remove the Com2 Ransomware securely.

An Unexpected Fork in the House of Tudor

The file-locker Trojan family of the Crysis Ransomware is experiencing another campaign which might be competing against STOP Ransomware's relatives in Asian island nations. Besides a free e-mail address of 'DonovanTudor@aol.com' and the 'com2' extension it adds onto any digital hostages, the Com2 Ransomware is similar to its numerous relatives in the Ransomware-as-a-Service collective. However, the samples available to malware experts provide details that suggest that Southeast Asia-residing victims are the Com2 Ransomware's intended targets.
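The two file-name indicators named above (the 'com2' extension and the 'DonovanTudor@aol.com' address) are enough for a defender to triage a share for affected files and to recover the original names for matching against backups. The script below is an added example, not code from the original page; the Crysis-style `name.ext.id-XXXXXXXX.[mail].com2` layout it parses and the sample directory tree it builds are assumptions constructed for illustration.

```python
"""Triage helper: find files carrying the Com2 Ransomware's 'com2' extension
or its ransom e-mail address, and recover their pre-encryption names."""
import os
import re
import tempfile
from collections import Counter
from typing import Optional

EXTENSION = ".com2"                     # extension stated on the page
RANSOM_EMAIL = "DonovanTudor@aol.com"   # e-mail address stated on the page
# Assumed Crysis-family layout: name.ext.id-XXXXXXXX.[mail].com2 ; both
# indicators are checked independently in case the layout differs.
_EMAIL_RE = re.compile(r"\[([^\]]+@[^\]]+)\]")


def classify(name: str) -> Optional[dict]:
    """Return indicator details for one file name, or None if it looks clean."""
    hits = {}
    if name.lower().endswith(EXTENSION):
        hits["extension"] = EXTENSION
    m = _EMAIL_RE.search(name)
    if m and m.group(1).lower() == RANSOM_EMAIL.lower():
        hits["email"] = m.group(1)
    if not hits:
        return None
    # Original name: everything before the '.id-' marker, else strip the extension.
    pos = name.lower().find(".id-")
    if pos != -1:
        hits["original_name"] = name[:pos]
    elif "extension" in hits:
        hits["original_name"] = name[:-len(EXTENSION)]
    return hits


def scan_tree(root: str) -> dict:
    """Walk root; return per-directory hit counts and the list of hit files."""
    per_dir, hits = Counter(), []
    for dirpath, _, files in os.walk(root):
        for f in files:
            info = classify(f)
            if info:
                per_dir[dirpath] += 1
                hits.append((os.path.join(dirpath, f), info))
    return {"per_dir": dict(per_dir), "hits": hits, "total": len(hits)}


def build_sample_tree() -> str:
    """Constructed sample: two renamed (encrypted-looking) files, one clean file."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "docs"))
    for n in ("report.docx.id-1A2B3C4D.[DonovanTudor@aol.com].com2",
              "budget.xlsx.com2", "notes.txt"):
        open(os.path.join(root, "docs", n), "w").close()
    return root


if __name__ == "__main__":
    print(scan_tree(build_sample_tree())["total"], "suspicious files")
```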

Along the same lines as the BKP Ransomware, the KICK Ransomware, the Kjh Ransomware, or the 0day Ransomware, the Com2 Ransomware establishes its presence by changing the Windows Registry. When it's running, it searches for file formats worth ransoming, such as documents, and encrypts them with a secure variant of AES. Encrypted content will not open again until the user reverses the procedure by using a compatible decryptor.

Not all characteristics of the Com2 Ransomware's installer provide consistent clues, such as its description, which appears to be a series of randomly-selected English words. However, its copyright field refers to a Malaysian and Singaporean transportation and delivery company, GrabTaxi. The possibility of its threat actor using a fake invoice or delivery alert-themed document for dropping the Com2 Ransomware is relatively high. Malware researchers see similar attacks deploying other file-locking Trojans, such as STOP Ransomware variants.

Refusing a Trojan Delivery Service

The Com2 Ransomware sells the decryption solution for a ransom, and whether paying actually benefits victims remains questionable. The Shadow Volume Copies that form the backbone of Windows' default backups are also deleted entirely. Saving backups to less-vulnerable devices and servers will keep file-locking Trojans from placing your media in a compromising situation that lends itself to extortion.

Users can keep themselves safe from likely infection exploits by avoiding e-mails, torrents, and other sources of possibly-unsafe downloads and files. Macro-using Word documents and Excel spreadsheets are strong candidates for hosting drive-by-download attacks. Malware experts recommend leaving the macro feature inactive. Updating Microsoft Office software to the latest version offers further protection against vulnerabilities.

This family's development is ongoing and may include anti-security updates. However, like other Crysis Ransomware releases, any users with anti-malware protection should find that their software identifies and deletes the Com2 Ransomware on sight.

The Com2 Ransomware may change its social engineering strategy in the future. Although GrabTaxi is no longer operating under that name, threat actors frequently keep the references in their disguised Trojans up to date.
