
EbolaRnsmwr Ransomware

Posted: October 15, 2018

The EbolaRnsmwr Ransomware is an update of Hidden Tear, a file-locker Trojan whose source code is freely available. Besides blocking files with AES encryption, this version of Hidden Tear creates pop-ups and changes the desktop's background image. Free decryption programs or secure backups can give victims a way of restoring their files, and most anti-malware programs have no problems deleting the EbolaRnsmwr Ransomware as a danger to Windows PCs.

Hidden Tear Becomes Ebola-Contaminated

The misuse of the theoretically-benevolent Hidden Tear project is continuing well into the fall of 2018 with a new version whose payload contains more than the usual variant's. As of this article's publication date, the EbolaRnsmwr Ransomware campaign isn't ready for release against victims in the wild. Despite its in-progress status, most of the work for its attacks is already done; they use a standard file-blocking technique and some new ways of delivering ransom messages.

Most AV products are identifying the EbolaRnsmwr Ransomware heuristically as a danger to your PC, and the file-locker Trojan is, like any version of Hidden Tear, a Windows-based program. It can encrypt the files on your PC, such as Word documents, JPG or GIF images, or other media, by converting them with an AES (sometimes referred to as Rijndael) cipher, and adds '.101' extensions to their names. Readers may remember that many versions of Hidden Tear are non-secure and are compatible with free decryption programs, but malware researchers don't have 'final' samples of the EbolaRnsmwr Ransomware for confirming that file-restoring method.
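As an added example (not code from this article or from any security vendor), the following script inventories files carrying the '.101' extension and checks whether each one still begins with the signature of its original format, which helps scope what needs restoring from backup. It assumes the extension is appended to the original name (for example, photo.jpg.101); the signature table and the sample files are constructed for the demonstration.

```python
import os
import tempfile

# Leading bytes of the file types the article names (Word, JPG, GIF).
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0",
    ".docx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}
LOCKED_EXT = ".101"  # extension named in the article


def classify(path):
    """Return 'locked', 'intact' or 'unknown' for one *.101 file."""
    # Assumption: the original name survives in front of '.101'.
    inner = os.path.splitext(path[: -len(LOCKED_EXT)])[1].lower()
    magic = MAGIC.get(inner)
    if magic is None:
        return "unknown"  # no signature to compare against
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    # An AES-encrypted body no longer begins with the format's signature.
    return "intact" if head == magic else "locked"


def inventory(root):
    """Walk root and map every *.101 file to its classification."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                full = os.path.join(folder, name)
                report[os.path.relpath(full, root)] = classify(full)
    return report


def demo():
    """Build constructed sample files and return their inventory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "photo.jpg.101": b"\x8a\x13\x5c\x99 constructed ciphertext",
            "renamed.gif.101": b"GIF89a constructed, still a GIF",
            "notes.txt.101": b"\x01\x02 constructed",
            "report.docx": b"PK\x03\x04 constructed, untouched",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return inventory(root)
```

Files reported as 'intact' were only renamed or are unrelated to the Trojan, while 'unknown' entries need manual review because the table has no signature for their type.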

These attacks are traditional among many versions of Hidden Tear besides the EbolaRnsmwr Ransomware, such as the Nog4yH4n Project Ransomware, the Qinynore Ransomware, the Genocheats Ransomware or the Baliluware Ransomware. The EbolaRnsmwr Ransomware is also part of a wave of new versions of this family that include graphics-oriented symptoms for delivering their ransom demands. Whereas past variants typically drop ransom notes in Notepad, malware experts confirm that the EbolaRnsmwr Ransomware uses both a new desktop wallpaper and an interactive pop-up with its ransom instructions for buying the decryption tool (which, as usual, the victim should disregard).

A Quick Fix for a Digital Media Disease

The most efficient way of preventing file-locker Trojans from harming your computer's files is storing copies in secure locations, which can range from any removable device (DVD, CD or USB) to a variety of network and cloud-based services. In rare cases, users may also find that the Trojan hasn't removed the Windows restore point-based data that would help them 'roll back' their files to the non-encrypted versions. Malware experts also encourage using the freeware decryption tools for the Hidden Tear family, if necessary, for undoing the EbolaRnsmwr Ransomware's damage.

The EbolaRnsmwr Ransomware's threat actor is, almost certainly, an individual with minimal experience in this black market industry, due to his requesting payments through the easily-traceable means of Amazon gift cards. Although this threat's campaign is targeting English speakers, the grammar errors in its payload imply the use of auto-translate services, and malware experts have no data available for tracing its infection strategies. Anti-malware programs by most AV companies can block or delete the EbolaRnsmwr Ransomware automatically, although they may not detect it as being a variant of Hidden Tear.

The EbolaRnsmwr Ransomware is in keeping with 2018's trend of showing graphical edits to otherwise-unremarkable, but functional, file-locker Trojans. Windows owners shouldn't need to adjust their defensive strategies against this threat significantly, but forgetting the maintenance of a bare-minimum backup could be a costly misstep.
