Desktop Ransomware
The Desktop Ransomware is a file-locking Trojan that uses encryption to block documents and other media before showing the user a pop-up with its ransom demands. Keeping backups of your work is the most dependable recovery option for your files, although current samples of the Desktop Ransomware are also compatible with other solutions. Always treat this threat as a possible danger to your media, and isolate or delete the Desktop Ransomware with the help of dedicated anti-malware products.
Facebook Briefly Becomes 'Trojanbook' for One Campaign
One small-time threat actor is starting a file-locking Trojan campaign that exploits publicly available social networks instead of an ordinary C&C server or domain host. The Desktop Ransomware's method of attack is not very different from that of large families like Hidden Tear, the Globe Ransomware or the Scarab Ransomware: it runs an automatic encryption routine on your files and follows it with instructions on getting the unlocker. What makes the Desktop Ransomware different from similar threats is its misuse of Facebook.
Besides the encryption routine, which uses a not-yet-determined enciphering method, the Desktop Ransomware prepends '.Lock' tags to the name of each file that it locks, which is a departure from the traditional change of extension suffixes. Its other feature is an HTA pop-up that contains an encryption warning, a field for entering the decryption key (or 'PIN,' as the message calls it), and a button for acquiring that code. Clicking that button opens a personal page on Facebook, presumably for the ransom details. However, the company has removed this page as of early November.
Although users can't read the potential ransom notes or access the threat actor's services, this Trojan uses a static password (currently: '00114455220033669988554477++//'). Entering this code will load the decryption routine and convert your files back to their non-encrypted formats. However, the author may change it in future builds, and malware analysts always recommend having secure backups as last-resort solutions.
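To scope an infection, the '.Lock' name tag described above can be used to inventory affected files. The following is an added example, not code from this page or from any vendor tool; it assumes the tag is the literal string '.Lock' at the very start of the file name, and it treats file modification times as only a rough indicator of when the locking ran.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

PREFIX = ".lock"  # assumption: the tag is the literal '.Lock' at the start of the name


def find_locked_files(root):
    """Return one record per file under root whose name starts with the '.Lock' tag."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip a file named exactly '.Lock': there is no original name behind it.
            if name.lower().startswith(PREFIX) and len(name) > len(PREFIX):
                full = os.path.join(dirpath, name)
                st = os.stat(full)
                hits.append({
                    "path": full,
                    "original_name": name[len(PREFIX):],  # name with the tag stripped
                    "size": st.st_size,
                    "mtime": st.st_mtime,
                })
    return hits


def summarize(hits):
    """Per-directory counts plus first/last modification time (rough locking window)."""
    if not hits:
        return {"total": 0, "by_dir": {}, "window": None}
    by_dir = Counter(os.path.dirname(h["path"]) for h in hits)
    times = [h["mtime"] for h in hits]
    window = tuple(datetime.fromtimestamp(t, timezone.utc).isoformat()
                   for t in (min(times), max(times)))
    return {"total": len(hits), "by_dir": dict(by_dir), "window": window}


if __name__ == "__main__":
    # Constructed sample tree, not real victim data.
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in (".Lockreport.docx", ".Lockphoto.jpg", "untouched.txt"):
            with open(os.path.join(docs, name), "wb") as fh:
                fh.write(b"sample")
        report = summarize(find_locked_files(root))
        print(report["total"], "tagged files; window (UTC):", report["window"])
        for directory, count in report["by_dir"].items():
            print(f"{count:5d}  {directory}")
```

Run it against a mounted copy or image of the affected volume rather than the live system, so the inventory does not alter timestamps on the evidence.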
Back to the Desktop that You'd Want to Look At
The Desktop Ransomware's payload includes an image file that it may use for hijacking the user's desktop wallpaper, although malware researchers have yet to verify that the function works. If the Desktop Ransomware does implement it, the change is unlikely to occur until after all of the targeted media is blocked. Backing up documents and other work to a portable or password-protected device can counter any chances of the Desktop Ransomware taking your files hostage.
The Desktop Ransomware's installers disguise themselves as downloads of the upcoming Grand Theft Auto 6 game. Such tactics are prolific throughout torrents and unsafe websites that pretend to provide premium products illegally and for free. Many, but not all, cyber-security products detect and delete the Desktop Ransomware, while a smaller number identify the fake GTA executable as a threat. Users should update their security products' databases, when possible, to maximize their accuracy.
Infections by the latest versions of the Desktop Ransomware aren't very capable of blocking your files in ways that are irreversible. While this is good news for anyone without backups, betting all of your work on that state of affairs remaining unchanged isn't a gamble that malware analysts would encourage.