
CryptoDarkRubix Ransomware

Posted: August 3, 2020

The CryptoDarkRubix Ransomware is a file-locking Trojan from a possible new family, the Ranet Ransomware. It encrypts files such as databases and documents and can further damage them by erasing portions of their internal data, which puts those files beyond recovery even with a decryptor. Users should ignore the Trojan's ransom messages, let their anti-malware services uninstall the CryptoDarkRubix Ransomware, and recover from their last backup.

A Trojan Flag-Bearer Appears with Its Hands on Theoretical Bitcoins

The appearance of a new file-locking Trojan campaign is usually a symptom of activity from a larger family, including Ransomware-as-a-Service operations such as the highly prolific STOP Ransomware. Although early estimates remain uncertain, the CryptoDarkRubix Ransomware shows a high probability of being just that, and, worse, of being the first evidence of a brand-new family. With file data pointing to an originator, the Ranet Ransomware, the CryptoDarkRubix Ransomware may be the opening shot of what could become a booming business.

The CryptoDarkRubix Ransomware operates much like other RaaS-based threats of its kind. It uses AES and RSA encryption to lock content, and with this method captures over fifty data formats, including pictures, documents, databases and other media. Samples of the CryptoDarkRubix Ransomware also include an extra and less typical feature, or bug: they delete significant portions of each file's internal data, which renders the file unrecoverable even with the attacker's decryption key.

Malware researchers also point to symptoms including changed file extensions, a JPG desktop-background swap, and a text note demanding one Bitcoin. The note refers to a wallet that has been active throughout 2020, although most of its transactions do not match the suggested ransom amount. Since paying does not recover the damaged files, victims should turn to other solutions, such as cloud backups or Restore Point rollbacks, where those remain intact.
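The two outcomes described above, ciphertext that might one day be decryptable and internal data that has simply been destroyed, call for different recovery decisions, so a responder wants to tell them apart before touching backups. The following triage helper is an added example, not code from the article or from any vendor; it decrypts nothing. It buckets files in a hit directory by three indicators the text mentions (a changed extension, a dropped text note, and file contents replaced or wiped) using byte entropy and zero-run detection. The appended extension `.locked`, the note name `README_RESTORE.txt`, and the sample files it builds are all constructed assumptions, since the page names none of them.

```python
"""Added triage helper for a directory hit by a file-locking Trojan.

Not the page's or any vendor's code. It decrypts nothing: it sorts files into
'encrypted' (high-entropy ciphertext, possibly recoverable if a key surfaces),
'wiped' (zero-filled internal data, unrecoverable, restore from backup) and
'plain', and records renamed files and ransom notes. Indicators are hypothetical.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical indicators: the article does not name the real extension or note file.
APPENDED_EXTENSION = ".locked"
NOTE_NAMES = {"README_RESTORE.txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext or random data, roughly 4 to 5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def longest_zero_run(data: bytes) -> int:
    """Length of the longest run of 0x00 bytes; zero-filled wiping leaves these."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == 0 else 0
        best = max(best, cur)
    return best


def classify(data: bytes, zero_ratio: float = 0.25, entropy_bits: float = 7.0) -> str:
    """Return 'wiped', 'encrypted' or 'plain'.

    Wiping is checked first: a half-zeroed file has middling entropy and would
    otherwise slip through as 'plain'. An empty file counts as wiped.
    """
    if not data:
        return "wiped"
    if longest_zero_run(data) / len(data) >= zero_ratio:
        return "wiped"
    if shannon_entropy(data) >= entropy_bits:
        return "encrypted"
    return "plain"


def triage(root: Path) -> dict:
    """Walk root (a read-only copy or image, ideally) and bucket every regular file."""
    result = {"notes": [], "renamed": [], "wiped": [], "encrypted": [], "plain": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.name in NOTE_NAMES:
            result["notes"].append(rel)
            continue
        if p.suffix == APPENDED_EXTENSION:
            result["renamed"].append(rel)
        result[classify(p.read_bytes())].append(rel)
    return result


def pseudo_ciphertext(rng: random.Random, n: int) -> bytes:
    """Deterministic stand-in for encrypted output (constructed, not real samples)."""
    return bytes(rng.randrange(256) for _ in range(n))


def build_sample_tree(root: Path) -> None:
    """Constructed sample data standing in for a hit directory."""
    rng = random.Random(1)
    (root / "invoice.pdf.locked").write_bytes(pseudo_ciphertext(rng, 4096))
    # First half zeroed, rest ciphertext-like: what a destructive locker leaves behind.
    (root / "customers.db.locked").write_bytes(b"\x00" * 2048 + pseudo_ciphertext(rng, 2048))
    (root / "notes.txt").write_text("quarterly figures, see attached sheet\n" * 40)
    (root / "README_RESTORE.txt").write_text("Your files are encrypted. Send 1 BTC.\n")


def run_demo() -> dict:
    """Build the constructed tree in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for bucket, files in run_demo().items():
        print(f"{bucket:10s} {files}")
```

Two caveats apply when running this against a real share. Compressed formats (ZIP-based Office documents, JPEGs, archives) are high-entropy before any attack, so the `encrypted` bucket is only meaningful for files that also carry the appended extension or fail a header check against their original type. And the zero-run test catches only zero-filled wiping; a locker that truncates files instead shows up as a size mismatch against the last backup, not as a content signature.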

Spreading a Little Light to Dark Trojans

The CryptoDarkRubix Ransomware is only relevant to Windows users and requires the Windows .NET Framework to run. Beyond that, malware experts cannot narrow down its geographical targeting further. The Trojan currently uses a New Zealand-based e-mail address, but the choice may be incidental.

Malware analysts also find no code-signing certificates or other high-end obfuscation techniques in samples. As a result, most security products with threat-detection technology should identify the CryptoDarkRubix Ransomware's installer while scanning suspicious downloads. Users should also protect themselves with general-purpose practices such as using strong passwords, refusing to engage in software piracy, and turning off potentially threatening features, including Word macros and in-browser Flash or JavaScript.

The CryptoDarkRubix Ransomware is a slapdash entry into the file-locker Trojan category, but hastily written Trojans are blunt clubs compared to the sharpened knives of sophisticated black hat software. Either weapon is just as lethal to anyone who doesn't protect themselves, or their files, from the blow.
