
Connect Ransomware

Posted: November 4, 2020

The Connect Ransomware is a file-locking Trojan and a variant of the Bondy Ransomware. This Trojan is functionally identical to its predecessor, with secure encryption attacks for locking files and text ransom notes demanding money for data recovery. All Windows users can keep their files safe by backing them up and leveraging anti-malware tools for removing the Connect Ransomware.

Connecting One Trojan Back to Another

Covering tracks isn't always a priority for threat actors, who may rent or collect much of the code for their Trojans and other Black Hat software. A campaign that copy-pastes the unique Bondy Ransomware with another name on top is making another extortion attempt and blocking files while it does so. As per current database samples, the Connect Ransomware owns the semi-notable honor of being the first variant of Bondy Ransomware that malware experts can confirm.

The Connect Ransomware is a Windows program that disrupts file access by encrypting or 'locking' files with what it asserts is RSA encryption. The Trojan appends a new extension to the locked files, matching its campaign name. For better or worse, the file-blocking encryption remains the same regardless of any changes to the names or extensions.

The Connect Ransomware's connection to the Bondy Ransomware is made especially obvious by its use of the same ransom note: a text file, in English, asking for hundreds of USD in Bitcoin. No victims are paying into the wallet so far. Bitcoin and other cryptocurrencies make up most ransom demands from threat actors, thanks to the additional hurdles they place on refund opportunities.

While malware experts can't encourage paying ransoms for possibly nonexistent decryption help, victims can consider the free 'demonstration' with appropriate precautions. Some attackers may send corrupted files back to the victims instead of unlocked ones.

The Windows Process that Goes Haywire

The Connect Ransomware's threat actor also hasn't made any updates to the fake name that the Bondy Ransomware campaign uses, the so-called 'Host Process for Windows Services.' By imitating a Windows process, the Connect Ransomware may run in the background without drawing attention from users and suppress symptoms like its ransom note until finishing its encryption attack. As for its distribution on the Web, malware experts can't confirm any current exploits.
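The masquerade described above, where a file-locker borrows the 'Host Process for Windows Services' name that belongs to the genuine svchost.exe, can be caught by checking where such a process actually runs from and what started it. The following is an added detection example, not code from the write-up or from any security product; the process records are constructed sample data and the field names are assumptions.

```python
# Added example (not from the write-up): flag processes that present the
# svchost.exe name or "Host Process for Windows Services" description but
# do not run as the genuine Windows service host. Sample data is constructed.
from dataclasses import dataclass
from pathlib import PureWindowsPath

LEGIT_DESCRIPTION = "Host Process for Windows Services"
LEGIT_SVCHOST_PATHS = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\syswow64\svchost.exe",
}

@dataclass
class ProcessRecord:
    pid: int
    name: str          # image file name as shown in Task Manager
    description: str   # FileDescription string from the version resource
    path: str          # full image path on disk
    parent_name: str   # image name of the parent process

def is_masquerading(proc: ProcessRecord) -> bool:
    """True when a process claims to be svchost but is not the real one."""
    claims_svchost = (
        proc.description.strip().lower() == LEGIT_DESCRIPTION.lower()
        or proc.name.lower() == "svchost.exe"
    )
    if not claims_svchost:
        return False
    norm_path = str(PureWindowsPath(proc.path)).lower()
    if norm_path not in LEGIT_SVCHOST_PATHS:
        return True  # right name or description, wrong location on disk
    # Genuine svchost.exe is started by services.exe; any other parent is suspect.
    return proc.parent_name.lower() != "services.exe"

def find_masqueraders(procs):
    """Return the PIDs of every process that fails the svchost check."""
    return [p.pid for p in procs if is_masquerading(p)]

# Constructed sample inventory: one real svchost, two impostors, one bystander.
SAMPLE_PROCS = [
    ProcessRecord(812, "svchost.exe", LEGIT_DESCRIPTION,
                  r"C:\Windows\System32\svchost.exe", "services.exe"),
    ProcessRecord(4120, "svchost.exe", LEGIT_DESCRIPTION,
                  r"C:\Users\victim\AppData\Roaming\svchost.exe", "explorer.exe"),
    ProcessRecord(5388, "update.exe", LEGIT_DESCRIPTION,
                  r"C:\Users\victim\Downloads\update.exe", "explorer.exe"),
    ProcessRecord(2204, "explorer.exe", "Windows Explorer",
                  r"C:\Windows\explorer.exe", "userinit.exe"),
]
```

In practice the records would be filled from a process inventory (for example the output of a process-listing tool that exposes image path, parent and version information) rather than typed in by hand.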

Users can improve their safety by disabling JavaScript, Java, and Flash as they browse websites. Some sources of file downloads, such as torrents, e-mail attachments, and unsolicited software updates, are also likely places for acquiring file-locker Trojans of various families. All-purpose security steps for Windows users include using strong passwords and installing security patches regularly, which removes much of the risk of a brute-force attack or a vulnerability's exploitation.

Effective anti-malware products can delete the Connect Ransomware without issue but can't restore files, which requires an intact backup or the threat actor's decryption key.

Playing connect the dots with Trojan ancestry usually has a longer line than the Connect Ransomware's campaign. A one-to-one correlation doesn't make the Connect Ransomware any less hazardous than the Bondy Ransomware, though, and is twice as much of a reason for making a backup.
