
"Demo" Ransomware

Posted: November 16, 2016

The "Demo" Ransomware is a Trojan that encodes JPG pictures with a cipher to block them and generates additional files that deliver text-based ransom demands. Infiltration methods for threats of this type often include spam e-mails or browser-based attacks, such as exploit kits that could install the threat automatically. Use your anti-malware programs to stop the "Demo" Ransomware's installation and remove it, and make backups to make your data less vulnerable to similar attacks.

A Threat Demo with a Sharp Focal Point

One of the most notable quirks of a file-encrypting Trojan's campaign is what kinds of data it tries to hold for ransom. Different formats can endanger different targets, such as employees at specific businesses or individuals using their computers for personal activities. In mid-November, malware researchers are finding samples of what may be the most niche Trojan yet: the so-called "Demo" Ransomware.

Belying its name, the "Demo" Ransomware is a fully-functional threat (unlike, for example, the more limited BonziBuddy Ransomware) that can automatically encode the contents of your hard drive without any visible symptoms. However, its author chose to restrict the list of formats the "Demo" Ransomware encrypts to a single one, JPG. Such a restriction may indicate that the "Demo" Ransomware is meant to serve 'educational' purposes like the now-exploited Hidden Tear program. Alternately, its author may be targeting PC users with personal investments in saving their image-based content, such as artists.

The "Demo" Ransomware tags its encrypted content with the same '.encrypted' extension shared among many unrelated file-encryption Trojans. It also provides a Notepad file with instructions on how to 'help' regain your pictures. Malware experts find the current instructions from the "Demo" Ransomware just as detailed as those of most active campaigns, including such information as Bitcoin payment advice and the infected PC's individual ID number.
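The two file-system traces described above (JPG files renamed with a '.encrypted' suffix, and a text-based ransom note dropped beside them) are enough for a simple triage check. The script below is an added example and not code from the original page or from the threat's author; it walks a constructed directory listing and flags folders where several images carry the '.encrypted' suffix, reporting any text files found next to them. The note filename 'README.txt' and the sample paths are constructed placeholders, since the page does not name the note file.

```python
"""Triage heuristic for the '.encrypted' JPG pattern described on the page.

Added example, not the page's own code. Paths below are constructed sample
data; the ransom note name 'README.txt' is an assumed placeholder.
"""
import ntpath  # Windows-style paths, independent of the host OS
from collections import defaultdict

# Constructed listing resembling a partially encrypted user profile.
SAMPLE_LISTING = [
    r"C:\Users\alice\Pictures\holiday01.jpg.encrypted",
    r"C:\Users\alice\Pictures\holiday02.jpg.encrypted",
    r"C:\Users\alice\Pictures\holiday03.JPG.encrypted",
    r"C:\Users\alice\Pictures\README.txt",      # assumed note name
    r"C:\Users\alice\Documents\report.docx",    # not a JPG, untouched
    r"C:\Users\alice\Documents\notes.txt",      # ordinary text file
    r"C:\Users\bob\Pictures\cat.jpg",           # clean directory
]

ENCRYPTED_SUFFIX = ".encrypted"
IMAGE_EXTS = {".jpg", ".jpeg"}


def looks_encrypted_image(path):
    """True when the path ends in '<name>.jpg.encrypted' (case-insensitive)."""
    lower = path.lower()
    if not lower.endswith(ENCRYPTED_SUFFIX):
        return False
    inner = lower[: -len(ENCRYPTED_SUFFIX)]
    return ntpath.splitext(inner)[1] in IMAGE_EXTS


def scan(listing, min_hits=2):
    """Group paths by folder; flag folders with at least `min_hits` renamed
    images and list any .txt files sitting beside them (possible notes)."""
    hits = defaultdict(int)
    text_files = defaultdict(list)
    for path in listing:
        folder = ntpath.dirname(path)
        if looks_encrypted_image(path):
            hits[folder] += 1
        elif path.lower().endswith(".txt"):
            text_files[folder].append(ntpath.basename(path))

    findings = []
    for folder in sorted(hits):
        if hits[folder] >= min_hits:
            findings.append({
                "folder": folder,
                "encrypted_images": hits[folder],
                "text_files": text_files.get(folder, []),
            })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LISTING):
        print(f"{finding['folder']}: {finding['encrypted_images']} renamed "
              f"images, text files beside them: {finding['text_files']}")
```

The threshold of two renamed images keeps a single stray file from raising an alert; in a real sweep you would feed `scan` the output of a directory walk and raise the threshold to suit the volume of the share being checked.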

Taking the "Demo" Ransomware out of the Picture

Even if this Trojan owes its existence to research motivations, it will need almost no updating to be deployed against live targets, blocking their picture-based content indefinitely. While it's a possible option, paying ransomed Bitcoins to extortionists often backfires on victims trying to decrypt their data. As a better response, malware experts more often recommend using backups or third-party decryption tools, with the latter often available from various anti-malware organizations.

Accurate detection rates for the "Demo" Ransomware's samples are extremely limited. Victims may want to provide samples to interested researchers to speed up the process of developing decryption software that doesn't require paying a con artist to use. Update your anti-malware products and scan your PC from Safe Mode to maximize your chances of uninstalling the "Demo" Ransomware without leaving behind any unwanted components, such as Registry entries.

As far as demonstrative software goes, malware experts have little choice but to label the "Demo" Ransomware as a likely threat to your computer that you should handle with care.
