
Crimson Ransomware

Posted: July 7, 2020

The Crimson Ransomware is a file-locking Trojan that also is a module of STRRAT, a Remote Access Trojan. While the latter gives attackers access to the computer, the Crimson Ransomware conducts the file-locking and extortion, although early versions omit any encryption. Users may be able to recover files by removing the extension that the Trojan appends. They should also use anti-malware utilities to remove the Crimson Ransomware and the related STRRAT.

Being Awash with Red Has Other Dangers than Expected

Encryption is a technically accessible means of securing data, but it works as well for criminals as it does for a file's rightful owner. For this reason, it has become by far the standard payload for file-locking Trojans, eclipsing alternatives such as compressing files inside archives. However, jumping to conclusions can hurt any victim, including those of the Crimson Ransomware.

The Crimson Ransomware is a file-locking Trojan that includes the extension-tagging and ransom note-creating features of similar threats and targets Windows environments for extortion. Its behavior is oddly limited, though: as of June 2020, early samples don't encrypt the files they attack, such as documents; they only append an extension. Since the added extension is the only thing preventing the files from opening, removing it restores access. Before relying on that, a victim should confirm that the file contents really are untouched (for instance, that the header bytes still match the original file type), since a later build could add real encryption behind the same extension.
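As an added example (not code from the original post), the following Python script performs the check a responder would want before trusting the "just rename it back" advice: for every file carrying the tagged extension it looks at the bytes behind the tag and only restores the name when they still match the magic signature of the original file type; anything that fails that check is reported as encrypted rather than silently renamed. The extension `.locked` is a placeholder, since the post does not name the one the Trojan appends, and the files built in `demo()` are constructed test data, not the Trojan's output.

```python
"""Triage and restore files tagged by an extension-only "file locker".

Added example, not code from the original post. TAGGED_EXT is a placeholder:
the post does not name the extension the Trojan appends. A file is renamed
back only when the bytes behind the tag still match the magic signature of
the original type, which is what separates "renamed only" from "encrypted".
"""
import tempfile
from pathlib import Path

TAGGED_EXT = ".locked"  # assumption: the extension the Trojan appends

# Magic bytes keyed by the original (lower-case) extension. DOCX/XLSX/PPTX are
# ZIP containers, so they share the PK signature; DOC/XLS use the OLE2 header.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".zip": (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
}


def classify(path: Path, tagged_ext: str = TAGGED_EXT) -> str:
    """Return 'intact', 'encrypted' or 'unknown' for one tagged file.

    'unknown' means the original type has no signature in MAGIC, so the
    check cannot decide; those files are left alone for manual review.
    """
    if path.suffix.lower() != tagged_ext.lower():
        raise ValueError(f"{path} does not end in {tagged_ext}")
    original = path.with_suffix("")            # strip only the appended tag
    signatures = MAGIC.get(original.suffix.lower())
    if signatures is None:
        return "unknown"
    with path.open("rb") as fh:
        head = fh.read(16)
    return "intact" if head.startswith(signatures) else "encrypted"


def restore_tagged_files(root: Path, tagged_ext: str = TAGGED_EXT,
                         dry_run: bool = True) -> dict:
    """Walk root, classify every tagged file and rename the intact ones back.

    Returns outcome -> list of tagged paths. 'collision' holds intact files
    whose original name already exists; nothing is ever overwritten.
    """
    report = {"intact": [], "encrypted": [], "unknown": [], "collision": []}
    for path in root.rglob(f"*{tagged_ext}"):
        if not path.is_file():
            continue
        verdict = classify(path, tagged_ext)
        if verdict == "intact":
            original = path.with_suffix("")
            if original.exists():
                report["collision"].append(path)
                continue
            if not dry_run:
                path.rename(original)
        report[verdict].append(path)
    return report


def demo() -> dict:
    """Run the triage over a constructed sample tree (synthetic data, not Trojan output)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Renamed only: PDF header still present behind the tag.
        (root / ("report.pdf" + TAGGED_EXT)).write_bytes(b"%PDF-1.7\n% constructed sample\n")
        # Looks encrypted: a .docx should start with PK, this one does not.
        (root / ("invoice.docx" + TAGGED_EXT)).write_bytes(bytes(range(0x17, 0x37)))
        # No signature known for .txt, so the script will not decide.
        (root / ("notes.txt" + TAGGED_EXT)).write_bytes(b"plain text, type unknown to MAGIC\n")
        # Intact, but the original name already exists: must not be overwritten.
        png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
        (root / "photo.png").write_bytes(png)
        (root / ("photo.png" + TAGGED_EXT)).write_bytes(png)
        report = restore_tagged_files(root, TAGGED_EXT, dry_run=False)
        out = {k: sorted(p.name for p in v) for k, v in report.items()}
        out["remaining"] = sorted(p.name for p in root.iterdir())
        return out
```

Run it with `dry_run=True` first and read the report: only the `intact` list is safe to rename, `encrypted` entries need a decryptor or backups, and `unknown` entries deserve a look by hand before anything is touched.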

Unfortunately, malware experts closely connect the Crimson Ransomware to another Trojan: STRRAT. This Remote Access Trojan offers a user-friendly backdoor into the infected PC and can record the user's keystrokes, execute command-line commands, and target and exfiltrate credentials such as passwords. Since this pairing is atypical, victims may be relieved at the lack of file loss and assume too quickly that nothing else is wrong, while the Crimson Ransomware's partner makes off with sensitive data.

Taking the Stain of Data Insecurity Off Your Computer

The Crimson Ransomware's campaign is notable for requiring the Java Runtime Environment; disabling Java or not installing it at all can prevent infections. Malware researchers recommend avoiding the two Trojans' infection vector: Java archives (JAR files) attached to e-mail messages that pretend to be documentation related to orders. German users are the campaign's current targets, although similar attacks might occur in other countries with little or no alteration.
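Because the lure is a Java archive whose file name can be anything, an attachment filter should classify by content rather than by extension. The following Python example is added here and is not code from the original post: it opens each attachment as a ZIP container and treats it as a Java archive if it carries a `META-INF/MANIFEST.MF` entry or any `.class` file, blocking it and additionally flagging the case where the name pretends to be something else. The blocking policy is an assumption for the example, and the attachments in `demo()` are built in memory as constructed samples that contain no real code.

```python
"""Classify e-mail attachments as Java archives by content, not by name.

Added example, not code from the original post. A JAR is a ZIP container
whose tell-tale entries are META-INF/MANIFEST.MF and *.class files, so a
renamed archive ("Order_4711.pdf") is still recognised. The attachments in
demo() are built in memory as constructed samples and contain no real code.
"""
import io
import zipfile

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive


def archive_kind(data: bytes) -> str:
    """Return 'java-archive', 'zip-other', 'corrupt-zip' or 'not-zip'."""
    if not data.startswith(ZIP_MAGIC):
        return "not-zip"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "corrupt-zip"     # PK header but no usable central directory
    has_manifest = any(n.upper() == "META-INF/MANIFEST.MF" for n in names)
    has_class = any(n.lower().endswith(".class") for n in names)
    return "java-archive" if (has_manifest or has_class) else "zip-other"


def triage(filename: str, data: bytes) -> dict:
    """Decide whether one attachment should be blocked.

    Policy (an assumption for this example): every Java archive is blocked,
    and one whose name does not end in .jar is additionally marked as disguised.
    """
    kind = archive_kind(data)
    is_java = kind == "java-archive"
    disguised = is_java and not filename.lower().endswith(".jar")
    return {"filename": filename, "verdict": kind, "block": is_java, "disguised": disguised}


def _zip_bytes(entries: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in entries.items():
            zf.writestr(name, payload)
    return buf.getvalue()


def demo() -> dict:
    """Run triage over constructed attachments and return filename -> result."""
    jar = _zip_bytes({
        "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nMain-Class: Main\n",
        "Main.class": b"\xca\xfe\xba\xbe" + b"\x00" * 12,   # class-file magic, no code
    })
    docx = _zip_bytes({
        "[Content_Types].xml": b"<Types/>",
        "word/document.xml": b"<w:document/>",
    })
    samples = [
        ("Order_4711.jar", jar),
        ("Order_4711.pdf", jar),                        # JAR renamed to look like a document
        ("Order_4711.docx", docx),                      # a genuine Office container
        ("Invoice.pdf", b"%PDF-1.4\n% constructed\n"),
        ("broken.zip", b"PK\x03\x04" + b"\x00" * 40),   # PK header without a central directory
    ]
    return {name: triage(name, data) for name, data in samples}
```

The content check is what matters: a gateway rule that only blocks `*.jar` is defeated by the first sender who renames the attachment, while the manifest and class-file test catches the archive whatever it is called.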

Users also should be cautious about password security and prevent attackers from misusing stolen credentials to hijack accounts. Disconnect the machine from the network as soon as a backdoor Trojan or RAT infection is suspected, and change all passwords after disinfecting the computer. If the Crimson Ransomware receives updates that give it the same encryption as similar Trojans, backups kept on other devices will also prove helpful.

The Crimson Ransomware is a strangely crippled version of a file-locking Trojan and currently isn't as problematic as the STOP Ransomware, the Dharma Ransomware, or dozens of other families. Despite its limitations, users should remain vigilant and remember that Trojan attacks can come in pairs.
