
Consciousness Ransomware

Posted: October 21, 2020

The Consciousness Ransomware is a file-wiping Trojan that encrypts files without saving the recovery password. It may disguise itself as a Windows background service and delivers ransom notes to victims, despite being incapable of unlocking media. Users should back files up to other devices to keep them safe and let their dedicated cyber-security tools remove the Consciousness Ransomware.

The Problems behind Paying Predators

File-locking Trojans depend on the supposed authenticity of their decryption services for getting money out of desperate victims. What happens when threat actors buck this 'business arrangement' can be ugly for users' files. In the Consciousness Ransomware campaign, this Trojan is having the best of both worlds: destroying files and insisting on making money for help that it can't provide.

At first, the Consciousness Ransomware seems barely different from the other file-locker Trojans that malware researchers catch. The Consciousness Ransomware targets Windows systems and avoids notice while it's active by pretending that it's a Windows task-handling process. The Trojan also includes a data-encrypting routine that blocks content such as documents. A symptom of this feature is the '.Conscious' extension that it adds to each blocked file.

A swerve in the Consciousness Ransomware's payload comes without symptoms: it re-creates a new data-locking password, from scratch, with each file. It also never saves any of these passwords, and malware experts see no support for network connectivity or Command & Control connections that could handle uploading passwords. Since the essential unlocking key is disposable, there aren't any practical means of restoring files, which brings the Consciousness Ransomware to the same class of threat as any file-wiper Trojan.

Remaining Conscious of the Alternatives to Trojan Ransoms

The Consciousness Ransomware, despite its weaknesses, drops a ransom note that's typical of a more-polished Ransomware-as-a-Service or similar threat. It also includes an HTA pop-up that it may use for blocking the screen while it demands its ransom: four hundred USD in Bitcoins. Paying has no advantage whatsoever, although users might take notice of an odd tactic: the threat actor pretends that the encryption process is protecting their files from Trojans and claims that the fake decryption is part of an unnamed, professional business.

Because of grammar and plausibility issues in the Consciousness Ransomware con, malware experts heavily suspect that the programmer isn't a native English speaker. Still, the Trojan is a possible threat to Windows users in any country, and all the more so for giving no decryption solution back to those that pay. The lack of legal protection around Bitcoin transactions raises another issue in the Consciousness Ransomware's campaign, which is all-too-typical of genuine file-locker Trojans.

Users with backups on other devices are virtually immune to the Consciousness Ransomware's attempt at bargaining under false pretenses. Well-updated backups, mainly on cloud services and removable devices with air gaps or password protection, are preferable. Reliable anti-malware software should also identify, contain, and delete the Consciousness Ransomware by default.
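Since backups are the only recovery path, a first triage step is to list which '.Conscious' files have a usable backup copy and which do not. The following is an added example, not part of the original article; it assumes the locked name is the original name plus '.Conscious' and that the backup mirrors the data folder's layout, and the sample tree in demo() is constructed.

```python
import os
import tempfile
from pathlib import Path

# Extension the article reports on locked files.
LOCKED_EXT = ".Conscious"


def triage(data_root, backup_root):
    """Return (restorable, lost) for files carrying LOCKED_EXT.

    restorable: (locked_path, backup_path) pairs; lost: locked paths
    with no usable copy under backup_root (assumed mirror layout).
    """
    data_root, backup_root = Path(data_root), Path(backup_root)
    ext = LOCKED_EXT.lower()
    restorable, lost = [], []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            # Windows names are case-insensitive; skip a bare ".Conscious".
            if not name.lower().endswith(ext) or len(name) == len(ext):
                continue
            locked = Path(dirpath) / name
            # Assumption: original name = locked name minus the extension.
            original = locked.with_name(name[: -len(ext)])
            candidate = backup_root / original.relative_to(data_root)
            # A missing or empty backup copy cannot be used.
            if candidate.is_file() and candidate.stat().st_size > 0:
                restorable.append((locked, candidate))
            else:
                lost.append(locked)
    return sorted(restorable), sorted(lost)


def demo():
    """Run the triage on a constructed sample tree."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = Path(tmp, "data"), Path(tmp, "backup")
        (data / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (data / "docs" / "report.docx.Conscious").write_bytes(b"\x00" * 16)
        (data / "docs" / "notes.txt.CONSCIOUS").write_bytes(b"\x00" * 16)
        (data / "docs" / "clean.txt").write_text("untouched")
        (backup / "docs" / "report.docx").write_text("backup copy")
        restorable, lost = triage(data, backup)
        return [p.name for p, _ in restorable], [p.name for p in lost]


if __name__ == "__main__":
    print(demo())
```

Run it against a read-only mount of the affected disk and the offline backup, so the inventory itself cannot alter either copy.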

The Consciousness Ransomware is a terrific tactic wrapped up in a package of believable data-blocking attacks. Although the world little needs more Trojans, the Consciousness Ransomware's campaign has some usefulness: as an alert to how much risk and how little gain there is in following ransom notes' directions.
