Ekati Ransomware

Posted: March 3, 2020

Ekati Ransomware Description

The Ekati Ransomware is a file-locking Trojan that is not attached to a known family such as Hidden Tear or the Dharma Ransomware. The Ekati Ransomware can block files with AES encryption, along with conducting various other attacks that harm your PC's overall security. Users should protect any media content through secure backups and let their anti-malware products remove the Ekati Ransomware from their PCs.

A Heady Dose of Black Magic for Windows

Mythological references are mingling with 'demonstrations' of file-locker Trojan software in the latest Ekati Ransomware, a threat that has yet to show itself in live distribution. While the Trojan is only available in a demo state, malware experts can confirm various features that make it at least as threatening as, if not more so than, the majority of Ransomware-as-a-Service families. The Ekati Ransomware is yet another Trojan for Windows that accesses, modifies, collects, and destroys data to extort ransoms.

The Ekati Ransomware's name is a transliteration of Εκάτη, the Greek name for Hekate, a goddess of dark arts such as witchcraft and necromancy. The colorful name of the Ekati Ransomware suggests little about its possible distribution, as malware experts haven't seen it in the wild or a live attack scenario. The Trojan delivers ransom demands for a decryptor in an HTML page with a timer, but only after committing attacks that grant it leverage over the victims' data.

Some of the more crucial features in the Ekati Ransomware include:

  • AES encryption 'locks' the user's media, such as JPGs or DOCs, among other formats. Unlike most Trojans of the kind, the demo version of the Ekati Ransomware doesn't add custom extensions onto their names.
  • The Ekati Ransomware also destroys any Shadow Copy backups that might be available, which keeps users from restoring the content.
  • Like the STOP Ransomware family, the Ekati Ransomware also makes use of Mimikatz as a third-party module that lets it steal passwords. Infections may exploit this information for compromising more devices or pass it to attackers for sale.
  • The Trojan also includes some flexible remote administration features through RDP, SSH, HTTP, and other protocols.
  • It also can modify the Hosts file to block websites or redirect users to corrupted sites, since that file overrides how the PC resolves domain names to IP addresses.
  • Last, it disables some network security features, such as the Windows firewall.
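Because Hosts-file tampering of the kind listed above is easy to audit, here is an added example (not code from the page or from the Trojan) that flags entries which blackhole a site or point it at an outside address; the sample Hosts content and hostnames are constructed, and the allow-list parameter is an assumption for legitimate LAN mappings.

```python
"""Audit Windows Hosts-file text for entries that block a site (mapped to a
loopback or unspecified address) or redirect it elsewhere.  Added example;
the sample content below is constructed, not taken from the Trojan."""
import ipaddress
import re

# Names the stock Windows Hosts file legitimately maps to loopback.
DEFAULT_LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def _is_blackhole(ip) -> bool:
    # 127.0.0.1, ::1 and 0.0.0.0 all send the name "nowhere" for this host.
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text: str, allow=frozenset()) -> list:
    """Return (line_no, kind, hostname, address) for each suspicious entry.

    kind is 'blocked' for a non-default name sent to a blackhole address and
    'redirect' for any name sent to a real address.  Hostnames in `allow`
    (lower-case) are known-good mappings and are skipped."""
    allow = {a.lower() for a in allow}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        addr, *names = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                               # malformed line, not an entry
        for name in names:
            lname = name.lower()
            if lname in allow:
                continue
            if _is_blackhole(ip):
                if lname not in DEFAULT_LOCAL_NAMES:
                    findings.append((line_no, "blocked", lname, addr))
            else:
                findings.append((line_no, "redirect", lname, addr))
    return findings


# Constructed sample: two default lines, one blocked site, one redirect,
# and one legitimate LAN mapping that the allow-list should silence.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test     # constructed: security site blocked
203.0.113.7     bank.example.test          # constructed: sent to another host
192.168.1.20    fileserver.corp.test       # constructed: legitimate LAN entry
"""

if __name__ == "__main__":
    for line_no, kind, host, addr in audit_hosts(SAMPLE_HOSTS, {"fileserver.corp.test"}):
        print(f"line {line_no}: {kind:8} {host} -> {addr}")
```

Run it against a copy of `%SystemRoot%\System32\drivers\etc\hosts` and review every finding; the 'redirect' class is deliberately broad, so populate the allow-list with your own known mappings.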

Even though the Ekati Ransomware is still a demo build, its payload leaves little room for doubt as to the threat actor's intentions: extortion through sabotaging digital media, with unknown prices for its ransoms.

Dispelling the Witchcraft that a New Trojan Casts

If the Ekati Ransomware follows the well-trodden path of most Ransomware-as-a-Service Trojans, its availability will have few limitations for interested parties, save for the initial fee. Criminals could choose distribution methods ranging from indiscriminate torrents to highly-targeted e-mail attachments with content customized for the recipients. Some of the self-defensive steps that all Windows users should be taking already include disabling macros, installing security patches regularly, and ignoring downloads until they and their sources have first been verified as safe.

Regaining encrypted files through freeware decryption solutions is relatively rare, but malware researchers have yet to rule out such recovery methods with the Ekati Ransomware. Users can provide copies of their encrypted media and related files, such as e-mails or the Trojan's executable, for analysis by trusted security researchers. Otherwise, having a backup out of the Ekati Ransomware's range, such as on a detachable USB thumb drive, is one's best option for recovery.

The Ekati Ransomware also invests little effort in hiding its identity or terminating the traditional security solutions that might detect it. Users with anti-malware services can safely quarantine and remove the Ekati Ransomware at any time.

As the Ekati Ransomware progresses from a demo to the 'real thing,' users' files will face the usual dangers of encryption, deletion, and possibly even permanent corruption. The best counter to such dark magics is advance preparation, just as the superstitious once availed themselves of warding tools like iron horseshoes for fending off would-be sorceries.
