
CommonRansom Ransomware

Posted: October 31, 2018

The CommonRansom Ransomware is a file-locker Trojan that can block media throughout your PC, add extensions to the files' names, and display ransom notes. Besides asking for money, the threat actors are also using their ransom demands as a way of gaining remote control over the PC. Victims should refrain from giving in to these requests, disable their Internet connections, if appropriate, and have an anti-malware program uninstall the CommonRansom Ransomware before restoring the locked files from their backups.

An Uncommon Choice of Ransoming Strategies

File-locker Trojans are, as an industry, a well-established model for turning illicit software and blocked files into money for criminals, either through 'in-house' attacks or through rental and profit-splitting Ransomware-as-a-Service operations. It's not very frequent for file-locker Trojans to buck any of the established trends, but some do, such as the CommonRansom Ransomware. Malware researchers can confirm that the CommonRansom Ransomware's strangest difference from competing Trojans lies not in its encryption, but in its warning message.

The CommonRansom Ransomware uses an unidentified data-enciphering process and labels the blocked documents, pictures, and other files with a bracket-enclosed e-mail address and the new extension from its name, just like many RaaS families. It also creates a unique 'DECRYPTING.txt' message that tells the victim to pay Bitcoins to a wallet within twelve hours to buy the decryption solution that would recover the files. All of these instructions are traditional, but the CommonRansom Ransomware additionally demands that the victim give port access and admin login credentials to the threat actor.

This final detail could be a genuine attempt at handling the decryption efforts on a manual, personal basis. However, it's more likely to be an additional, social engineering-based attack that would give the threat actor remote control over the system, letting them install other software, disable security services, or collect confidential information. Malware experts can't corroborate any definite cases of a victim submitting to this stipulation, but the criminal's wallet has been receiving payments from some sources.

Not Letting Trojans Treat Your Files Like Commoners

The CommonRansom Ransomware's attacks are a rarely-seen combination of social engineering the victim into providing a backdoor and the more usual procedure of file-locking and extortion. However, both halves of its campaign are defensible by the standard measure of keeping backups of your work on secure devices, which avoids any dependency on acquiring a decryption key or utility. Since malware researchers have yet to identify the CommonRansom Ransomware's genealogy, users should consider submitting samples to appropriate AV industry members for further analysis of its encryption methods.

Although its distribution status is live, the CommonRansom Ransomware campaign is sufficiently new that malware researchers can't confirm how it's installing itself. However, since the CommonRansom Ransomware requests information that criminals would naturally acquire through brute-force attacks, readers can rule out that infection vector, while remaining attentive to others, such as e-mail spam. Update your anti-malware products to improve their accuracy and delete the CommonRansom Ransomware on sight, instead of after the Trojan locks your files.
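
The markers described above (the bracket-enclosed e-mail address, the new extension, and the 'DECRYPTING.txt' note) can be used to scope which folders need restoring from backup. The following Python script is an added example, not code from this article or from any anti-malware product; the exact file name layout `.[e-mail].CommonRansom` and all sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed layout: "<original name>.[<e-mail>].CommonRansom". The article gives the
# marker only in words, so adjust the pattern to what is seen on the affected host.
LOCKED_RE = re.compile(r"\.\[[^\[\]\s@]+@[^\[\]\s@]+\]\.CommonRansom$", re.IGNORECASE)
NOTE_NAME = "decrypting.txt"  # ransom note name from the article, compared lower-cased


def original_name(name):
    """Strip the marker so the file can be matched against a backup listing."""
    return LOCKED_RE.sub("", name)


def triage(root):
    """Walk root; return ({locked path: original name}, [note paths], [affected dirs])."""
    locked, notes = {}, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif LOCKED_RE.search(name):
                locked[path] = original_name(name)
    affected = sorted({p.parent for p in list(locked) + notes})
    return locked, notes, affected


def build_sample_tree(root):
    """Constructed sample data: empty files with made-up names, no real indicators."""
    names = [
        "docs/report.docx.[user@example.invalid].CommonRansom",
        "docs/DECRYPTING.txt",
        "pics/photo.jpg.[user@example.invalid].commonransom",
        "pics/holiday.[2018].png",   # brackets but no e-mail marker: not flagged
        "clean/notes.txt",
    ]
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, notes, affected = triage(tmp)
        for path, orig in sorted(locked.items()):
            print(f"LOCKED {path} (restore as {orig})")
        print(f"{len(notes)} ransom note(s) in {len(affected)} affected folder(s)")
```

The script only reads file names and never opens or modifies the files, so it can be pointed at a mounted copy of the affected disk.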

The CommonRansom Ransomware makes a bad problem into an even worse one by taking your files prisoner and telling you that the solution is giving the instigator full control over your computer. While it's a remarkable means of scamming PC users twice over, it's a business model without any advantages for the ones receiving its attention.
