
DeltaSEC Ransomware

Posted: March 7, 2019

The DeltaSEC Ransomware is a variant of the Jigsaw Ransomware, the file-locking Trojan that encrypts your files and deletes them on a timer. Users should avoid rebooting unless they first take precautions that prevent the threat from restarting. Have a suitable anti-malware solution uninstall the DeltaSEC Ransomware first, and only then recover your work from backups, if need be.

A Trojan's Puzzle is Self-Sabotaging Its Completion

The Jigsaw Ransomware is neither one of the largest nor one of the most profitable families of file-locker Trojans, and it isn't even an ideal representative of the Ransomware-as-a-Service business models that dominate its industry. However, it does have a unique capacity for harming files: besides encrypting or 'locking' them, it has different triggers for erasing them. Accordingly, users should have some concern over any new variant of it, such as the recently detected DeltaSEC Ransomware.

The DeltaSEC Ransomware is showing up in threat databases, with the majority of AV vendors identifying it through a 'drill.exe' executable that has no certificates or disguising elements. The threat actors have changed the original ransom note text, which displays in a pop-up, and hijack a .NET Framework error for more taunts. Most threateningly for victims, malware experts find no signs that the DeltaSEC Ransomware removes the countdown file deletion, which erases files every hour, or the startup equivalent, which does so whenever the DeltaSEC Ransomware restarts (such as when Windows reboots).

A minor error in the DeltaSEC Ransomware's AES encryption key generation, however, prevents it from locking any files, and locking files is nearly all of the leverage of the ransom attempt. Additionally, there is a free decryption service for the Jigsaw Ransomware family that could be compatible with future releases of the DeltaSEC Ransomware, presuming that its author patches it.

Playing the Alpha to a Trojan's Delta Security

The DeltaSEC Ransomware is easily identifiable while it's running because it automatically generates pop-ups that include its name, along with many of the cosmetics of the Jigsaw Ransomware (minus the movie franchise references). Compromised PCs shouldn't be rebooted without using Safe Mode, switching to a 'recovery' OS like PuppyLinux, or using other means of blocking the DeltaSEC Ransomware's auto-starting routine, which leads to the deletion of files. Because the DeltaSEC Ransomware also erases media according to its sixty-minute countdown, a quick response to the infection is necessary.

Having a secure backup plan is the ideal form of protection from file-locking Trojans, which can target your documents, pictures, archives, and other media with little to no discrimination. Although the DeltaSEC Ransomware's encryption isn't functional, it would take barely any time for its threat actor to correct the flaw in the AES key generation and make it as threatening as the first Jigsaw Ransomware. Anti-malware services, on the other hand, are showing good statistics for safely removing the DeltaSEC Ransomware in nearly all cases.

Malware analysts can only guess at where a completed DeltaSEC Ransomware could arrive from: its campaign could use spam e-mails, exploit kits or even torrents. Whatever route its infections take, users can depend on universally practical steps for shielding their files and computers from encryption attacks.
