
COPAN Ransomware

Posted: June 19, 2019

The COPAN Ransomware is a file-locking Trojan that's part of the DCRTR-WDM Ransomware family. It can keep files on your computer from opening by encrypting them with AES, which third parties may or may not be able to break. Users should always back up any work they can't afford to lose, and having anti-malware software for uninstalling the COPAN Ransomware or stopping the infection is highly recommended.

A Trojan that Looks Like Two Things and is Neither

A file-locker Trojan is giving different visual signals about which family it belongs to, which can only complicate matters for any victims with file restoration on their minds. The COPAN Ransomware is a threat that uses the cryptocurrency wallet of one Trojan's family, the messaging format of another one, and belongs to neither group. Instead, malware experts confirm it as being a variant of the lesser-known DCRTR-WDM Ransomware family.

The COPAN Ransomware, like the majority of file-locker Trojans, blocks files on Windows systems by encrypting them with AES. This attack doesn't damage the integrity of the OS but can block content like pictures and documents. The COPAN Ransomware appends a 'COPAN' extension to the names of these files to mark them, but the encryption routine itself may have no detectable symptoms.

The oddities begin cropping up in the COPAN Ransomware's ransom notes, which it leaves in TXT and HTA (HTML Application) formats. The second of them copies the appearance of the Globe Ransomware family, but with updated ID and e-mail addresses for buying the threat actor's decryption help. As usual, it asks for a Bitcoin-based payment, which bars victims from any refunds without the threat actor's consent.

While the above copycat behavior is commonplace enough, the COPAN Ransomware also shares its ransom-paying account with the campaign of a member of the Dharma Ransomware family, which is a distinct Ransomware-as-a-Service entity. Malware experts rarely see the latter, and it could indicate that the criminals are testing different families to see which Trojan has the most success.

The Right Way for Saving Hostages from Trojans

The COPAN Ransomware's campaign is hitting Windows users in the Netherlands, although this is an early estimate and there could be victims elsewhere. Its family of DCRTR-WDM Ransomware has a semi-creative distribution tactic of pretending that it's an update for Windows Defender, and includes a fake setup UI to that effect. Users should be watchful for suspicious downloads, scan incoming files with appropriate security software, and avoid installing updates from unofficial sources.

There are decryption service offers for the COPAN Ransomware and its relatives, although the successful recovery of one's files isn't a guaranteed outcome. Because decryption by the wrong program can damage your media, malware experts suggest that victims always create copies of any locked content before sending it through a decryption routine. Using an incompatible solution, such as a decryptor for the Dharma Ransomware, will only harm your files permanently.
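One way to follow the copy-before-decrypting advice above, as an added example that is not code from this write-up or from any decryption service: it inventories files carrying the COPAN marker (assumed here to be a trailing `.COPAN` extension), mirrors them into a separate backup tree, and refuses to report a copy as safe unless its SHA-256 matches the original. The `demo()` tree is constructed sample data, not real victim files.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

LOCKED_SUFFIX = ".COPAN"  # assumed form of the marker the write-up describes

def sha256(path: Path) -> str:
    """Hash in chunks so large media files do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def find_locked(root: Path) -> list[Path]:
    """Inventory every file under root that carries the COPAN marker."""
    return sorted(p for p in root.rglob(f"*{LOCKED_SUFFIX}") if p.is_file())

def backup_locked(root: Path, backup_root: Path) -> list[tuple[Path, Path]]:
    """Copy each locked file under backup_root with its relative path preserved,
    then verify the copy by hash. Returns (source, copy) pairs that verified."""
    copied = []
    for src in find_locked(root):
        dst = backup_root / src.relative_to(root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps, useful for later triage
        if sha256(src) != sha256(dst):
            raise RuntimeError(f"copy of {src} does not match the original")
        copied.append((src, dst))
    return copied

def demo() -> dict:
    """Build a constructed sample tree (not real victim data) and run the backup."""
    base = Path(tempfile.mkdtemp())
    victim, backup = base / "victim", base / "backup"
    (victim / "docs").mkdir(parents=True)
    (victim / "docs" / "report.docx.COPAN").write_bytes(b"\x00constructed ciphertext\x00")
    (victim / "photo.jpg.COPAN").write_bytes(b"\xff\xd8constructed ciphertext")
    (victim / "docs" / "untouched.txt").write_text("plain file, not locked")
    pairs = backup_locked(victim, backup)
    return {
        "locked": len(pairs),
        "all_verified": all(sha256(s) == sha256(d) for s, d in pairs),
        "mirrored_path": (backup / "docs" / "report.docx.COPAN").is_file(),
    }
```

Point any decryptor at the backup tree, never at the only copy, so a wrong tool can be tried again from the untouched originals.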

Unlocking digital media isn't a built-in feature for traditional anti-malware suites. However, most of these programs should identify this threat and remove the COPAN Ransomware, or other cases of the DCRTR-WDM Ransomware family.

The COPAN Ransomware's European attacks are ladling a generous helping of mistaken identity as the garnish for their file lockdowns. Don't act rashly when file recovery is on the menu – the results of such action can be not to one's taste.
