
CryptoPatronum Ransomware

Posted: January 28, 2020

The CryptoPatronum Ransomware is a file-locking Trojan whose code is a partial derivative of Hidden Tear, a previously open-source, free project. Victims of infections may find their files not opening, as well as encountering issues with server administrative software. Let your anti-malware products delete the CryptoPatronum Ransomware at the first opportunity and maintain

The Would-be Boss Over Your Media

Another version of Hidden Tear is attacking servers in Russia, with victims reporting locked files and no recourse for unlocking them. The CryptoPatronum Ransomware, whose name translates roughly from Latin as 'Hidden Boss,' includes some easily-overlooked but significant updates that make its version of Hidden Tear more threatening than the usual clone. The CryptoPatronum Ransomware also inflicts the traditional attacks of this family: namely, encryption, filename editing and the creation of messages with extortionist demands.

The CryptoPatronum Ransomware is a Windows program that pretends to be part of the operating system's essential files, such as wininit.exe, and includes fake copyright details to that effect. The AES encryption that it borrows from the Turkish Hidden Tear project is its primary security issue. The CryptoPatronum Ransomware can 'lock' TXT text files, JPG image files and numerous other media formats. However, malware researchers also note that the CryptoPatronum Ransomware's payload extends to other anti-security and administrative attacks.

The CryptoPatronum Ransomware's design targets vulnerable businesses. The Trojan automatically terminates admin applications like TeamViewer and Microsoft SQL Server through concealed system commands. The CryptoPatronum Ransomware also harbors the usual problem of file-locker Trojans: deleting the Shadow Volume Copies, which keeps users from getting their work back through a Restore Point. Other symptoms, such as unique e-mail addresses and extensions inserted into filenames, and an English-language ransom note in TXT format, are typical for a threat of its type.
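As an added, defender-side illustration (not code from this write-up or its author), the following Python sketch flags the three behaviours described above in constructed process-creation telemetry: a wininit.exe look-alike running outside System32, Shadow Volume Copy deletion, and termination of TeamViewer or SQL Server, then rolls the findings up to the parent process so a single legitimate admin action does not alert on its own. The specific command names checked (vssadmin, wmic, taskkill) and the Sysmon-style fields are assumptions; the page itself only says 'concealed system commands.'

```python
import re
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class ProcEvent:
    """Minimal process-creation record (fields modelled on Sysmon Event ID 1)."""
    pid: int
    parent_pid: int
    image: str
    command_line: str

# Behaviour patterns. The exact command names are an assumption: the write-up
# only states that admin tools are killed and shadow copies deleted.
SHADOW_DELETE = re.compile(
    r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I)
ADMIN_KILL = re.compile(r"\btaskkill(\.exe)?\b.*\s/im\s+(teamviewer\S*|sqlservr\.exe)", re.I)
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.I)

def classify(ev: ProcEvent) -> set[str]:
    """Return the behaviour tags a single event triggers."""
    tags = set()
    if SHADOW_DELETE.search(ev.command_line):
        tags.add("shadow_copy_deletion")
    if ADMIN_KILL.search(ev.command_line):
        tags.add("admin_tool_termination")
    # A binary named like a core OS component but running outside System32.
    if ev.image.rsplit("\\", 1)[-1].lower() == "wininit.exe" and not SYSTEM32.match(ev.image):
        tags.add("system_binary_masquerade")
    return tags

def suspicious_parents(events: list[ProcEvent], min_tags: int = 2) -> dict[int, set[str]]:
    """Attribute each finding to the process and its direct parent; return the
    PIDs whose tree shows at least `min_tags` distinct behaviours."""
    by_pid = {ev.pid: ev for ev in events}
    tree_tags: dict[int, set[str]] = defaultdict(set)
    for ev in events:
        tags = classify(ev)
        if not tags:
            continue
        tree_tags[ev.pid] |= tags
        if ev.parent_pid in by_pid:
            tree_tags[ev.parent_pid] |= tags
    return {pid: t for pid, t in tree_tags.items() if len(t) >= min_tags}

# Constructed sample telemetry (not real data from the campaign).
SAMPLE = [
    ProcEvent(400, 4, r"C:\Windows\System32\wininit.exe", "wininit.exe"),
    ProcEvent(3120, 2980, r"C:\Users\Public\wininit.exe", "wininit.exe"),
    ProcEvent(3130, 3120, r"C:\Windows\System32\cmd.exe", "cmd.exe /c vssadmin delete shadows /all /quiet"),
    ProcEvent(3140, 3120, r"C:\Windows\System32\taskkill.exe", "taskkill /f /im TeamViewer.exe"),
    ProcEvent(3150, 3120, r"C:\Windows\System32\taskkill.exe", "taskkill /f /im sqlservr.exe"),
    ProcEvent(3200, 2980, r"C:\Windows\System32\notepad.exe", "notepad.exe README.txt"),
]

if __name__ == "__main__":
    for pid, tags in suspicious_parents(SAMPLE).items():
        print(f"PID {pid}: {sorted(tags)}")
```

Only the fake wininit.exe (PID 3120) is reported, because the three behaviours converge on it; the genuine System32 copy and the lone notepad.exe produce no tags.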

Freeing Your Server from the Worst Hands-On Manager Kind

The CryptoPatronum Ransomware's demand for an entire Bitcoin, over eight thousand USD, is more evidence that the Trojan's campaign is targeting businesses with the finances for paying its steep ransoms. Whatever the circumstances, paying the ransom doesn't guarantee that the criminal will act in the victim's best interests. Since Hidden Tear is, generally, one of the less-secure Trojans with encryption functionality, victims should contact an appropriate security researcher to explore the decryption possibilities.

Several tactics are particularly relevant to businesses at risk from these attacks. Workers may receive falsified e-mail messages carrying imitations of invoices or other work-related documentation. These documents can conceal exploits for software vulnerabilities, or macros, that drop Trojans like the CryptoPatronum Ransomware. In other cases, attackers take a direct hand in the proceedings and compromise servers by brute-forcing weak passwords or hijacking a publicly-available RDP setup.

While users can take precautions against CryptoPatronum Ransomware infections, unlocking files with free decryptors is currently impossible. The next best solution is letting a local anti-malware service block the installation exploit or remove the CryptoPatronum Ransomware immediately, preventing further loss of files.

The CryptoPatronum Ransomware is squeezing possible profits out of Russian businesses, but there's nothing about its crimes that is specific to Russia. Everyone should know well enough to protect their files with bare-minimum precautions, unless they want Trojans, freeware-derived or otherwise, making money off of the oversight.
