
Ekati Ransomware

Posted: March 3, 2020

The Ekati Ransomware is a file-locking Trojan without ties to an established family, such as Hidden Tear or the Dharma Ransomware. The Ekati Ransomware can block files with AES encryption, along with conducting various other attacks that harm your PC's overall security. Users should protect any media content through secure backups and let their anti-malware products remove the Ekati Ransomware from their PCs.

A Heady Dose of Black Magic for Windows

Mythological references are mingling with 'demonstrations' of file-locker Trojan software in the latest Ekati Ransomware, a threat that has yet to show itself in live distribution. While the Trojan is only available in a demo state, malware experts can confirm that it includes features making it at least as threatening as, if not more so than, a majority of Ransomware-as-a-Service families. The Ekati Ransomware is yet another Trojan for Windows that accesses, modifies, collects, and destroys data to extract ransoms.

The Ekati Ransomware's name is a transliteration of Εκάτη, the Greek name for Hekate, a goddess of dark arts such as witchcraft and necromancy. The colorful name of the Ekati Ransomware suggests little about its possible distribution, as malware experts haven't seen it in the wild or a live attack scenario. The Trojan delivers ransom demands for a decryptor in an HTML page with a timer, but only after committing attacks that grant it leverage over the victims' data.

Some of the more crucial features in the Ekati Ransomware include:

  • AES encryption 'locks' the user's media, such as JPGs or DOCs, among other formats. Unlike most Trojans of the kind, the demo version of the Ekati Ransomware doesn't append a custom extension to their names.
  • The Ekati Ransomware also destroys any Shadow Copy backups that might be available, which keeps users from restoring the content.
  • Like the STOP Ransomware family, the Ekati Ransomware also makes use of Mimikatz as a third-party module that lets it steal passwords. Infections may exploit this information for compromising more devices or pass it on to other attackers for sale.
  • The Trojan also includes some flexible remote administration features through RDP, SSH, HTTP, and other protocols.
  • It also can modify the Hosts file to block websites or redirect users to corrupted sites, by changing how the PC resolves domain names to IP addresses.
  • Last, it disables some network security features, such as the Windows firewall.
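Three of the behaviours listed above (Shadow Copy deletion, Hosts-file tampering, and firewall disabling) leave traces a defender can look for. The following is an added example, not code from the original write-up or from the Trojan: it audits a Hosts file for entries that blackhole or redirect non-local hostnames, and scans process-creation records for the command lines by which Windows tools are commonly driven to delete Shadow Copies (`vssadmin`, `wmic`) or switch off the firewall (`netsh`). The Hosts-file contents, the event format (`pid user command`) and all hostnames and addresses are constructed for the example; real Security 4688 or Sysmon events would need their own parsing.

```python
"""Defender-side checks for three behaviours named in the Ekati Ransomware
write-up. Example code with constructed sample data; it is not from the
original page and the command patterns are generic, not Ekati-specific."""
import re
from ipaddress import ip_address

# Constructed sample of a Windows hosts file after tampering (hypothetical names/IPs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test
198.51.100.23   bank.example.test   # redirect to a non-local host (constructed)
"""

# Constructed process-creation events in a simplified "pid user command" form.
SAMPLE_EVENTS = [
    "4711 SYSTEM C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "4712 alice vssadmin.exe delete shadows /all /quiet",
    "4713 alice wmic shadowcopy delete",
    "4714 alice netsh advfirewall set allprofiles state off",
    "4715 alice notepad.exe C:\\Users\\alice\\notes.txt",
]

# Names that a stock hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Command-line patterns for the tools commonly used to delete Shadow Copies
# and to disable the Windows firewall (MITRE ATT&CK T1490 / T1562.004).
SUSPICIOUS_COMMANDS = [
    ("shadow_copy_deletion", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("shadow_copy_deletion", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("firewall_disabled", re.compile(r"netsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I)),
]


def audit_hosts(text):
    """Return (ip, hostname, reason) for every entry that is not the benign
    loopback->localhost mapping. 0.0.0.0 (or ::) blackholes a site, which is
    how a Trojan blocks e.g. vendor update servers; any other address
    redirects the name to a host the PC would otherwise never contact."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            addr = ip_address(ip)
        except ValueError:
            continue  # malformed line; not a resolvable entry
        for name in names:
            if addr.is_loopback and name.lower() in LOCAL_NAMES:
                continue
            reason = "blackhole" if addr.is_unspecified else "redirect"
            findings.append((ip, name, reason))
    return findings


def scan_events(events):
    """Return (pid, label) for each process-creation record whose command
    line matches a known tamper pattern; one label per event."""
    hits = []
    for event in events:
        pid, _user, cmd = event.split(" ", 2)
        for label, pattern in SUSPICIOUS_COMMANDS:
            if pattern.search(cmd):
                hits.append((int(pid), label))
                break
    return hits


if __name__ == "__main__":
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts: {name} -> {ip} ({reason})")
    for pid, label in scan_events(SAMPLE_EVENTS):
        print(f"event: pid {pid} flagged as {label}")
```

On a real host, `audit_hosts` would be fed `C:\Windows\System32\drivers\etc\hosts`, and `scan_events` would sit behind whatever exports process-creation telemetry; the point of the two checks is that both tampering steps are loud and cheap to detect long before the ransom page appears.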

Even though the Ekati Ransomware is in a demonstrative build state, its payload leaves little room for doubt as to the threat actor's intentions: extortion through sabotaging digital media, with unknown prices for its ransoms.

Dispelling the Witchcraft that a New Trojan Casts

If the Ekati Ransomware follows the well-trod path of most Ransomware-as-a-Service Trojans, its availability will have few limitations for interested parties, save for the initial fee. Criminals could choose distribution methods ranging from indiscriminate torrents to highly-targeted e-mail attachments with content customized for the recipients. Some of the self-defensive steps that all Windows users should be taking already include disabling macros, installing security patches regularly, and not opening downloads before verifying that the file and its source are safe.

Regaining encrypted files through freeware decryption solutions is relatively rare, but malware researchers have yet to rule out such recovery methods with the Ekati Ransomware. Users can provide copies of their encrypted media and related files, such as e-mails or the Trojan's executable, for analysis by trusted security researchers. Otherwise, having a backup out of the Ekati Ransomware's range, such as on a detachable USB thumb drive, is one's best option for recovery.

The Ekati Ransomware also is investing little effort into hiding its identity or terminating the traditional security solutions that might detect it. Users with anti-malware services can quarantine and remove the Ekati Ransomware at any time safely.

As the Ekati Ransomware progresses from a demo to the 'real thing,' users' files will experience the usual dangers of encryption, deletion, and possibly even permanent corruption. The best counter to such dark magics is preparation beforehand, just as the superstitious once availed themselves of warding tools like iron horseshoes for fending off would-be sorceries.
