
_encrypted Ransomware

Posted: October 27, 2020

The _encrypted Ransomware is a file-locking Trojan that's independent of any confirmed Ransomware-as-a-Service or family. Like better-known threats of its type, it blocks media files on Windows PCs by encrypting them, appends an extension to their names, and leaves ransom notes for victims. Users should keep secure backups to protect their files and let a dedicated security product remove any _encrypted Ransomware infection.

A Trojan Waiting Patiently on Its Infrastructure

Ransomware-as-a-Service operations offer a kudzu-like proliferation model that now covers much of the file-locking Trojan portion of the global threat landscape. Still, there's room for the occasional one-off, such as the _encrypted Ransomware, which malware analysts confirmed recently. This Trojan-in-testing is missing several key elements of its infrastructure, but its intentions are self-explanatory: the encryption and the ransom demand are already in place and waiting.

The _encrypted Ransomware targets Windows systems, like most file-locking Trojans around the world. It uses a currently unexamined form of data encryption that locks media files on infected PCs, such as documents, images and music. The Trojan appends an extension specific to its campaign purely as an identifying marker of the attack, letting the victim know which files it holds captive.

The Trojan's threat actor opts for a Notepad TXT file as the ransom note, with English ransom demands that malware experts don't link to any other Trojan family. Two elements here set the _encrypted Ransomware apart from most Trojans of its classification: the local storage of the victim's encryption and 'customer' data in a 'metadata.bin' file, and the absence of an anonymous TOR site link. Presumably, the latter is awaiting further Web development by the threat actor before the site is up and running for processing ransoms.
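As an added example (not code from this write-up or from the Trojan's author), the following Python script triages a directory tree for the three markers described above: files carrying the appended extension, a TXT ransom note, and the 'metadata.bin' file. Everything it assumes beyond the article is labelled in the code: the extension string `_encrypted`, the ransom-note keyword list, the 7.0 bits-per-byte entropy threshold, and the constructed sample folder it builds in a temporary directory. The entropy check matters for a Trojan-in-testing: a file that was renamed but never actually encrypted reads as ordinary plaintext and is reported separately from files that really hold ciphertext.

```python
"""Triage a directory tree for the markers described above.

Added example; not code from the original write-up or from the Trojan's author.
Assumptions not stated by the article: the appended extension is "_encrypted",
the ransom note is a .txt file, and "metadata.bin" is dropped beside the
encrypted files. The sample tree built by build_sample_tree() is constructed
test data, not a real infection artefact.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = "_encrypted"        # assumed campaign extension (not confirmed by the article)
METADATA_NAME = "metadata.bin"   # file named in the ransom note per the article
NOTE_KEYWORDS = ("encrypted", "decrypt", "payment", "bitcoin", "ransom")  # assumed note vocabulary
ENTROPY_THRESHOLD = 7.0          # bits per byte; properly encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_ransom_note(path: Path) -> bool:
    """A .txt file mentioning at least two of the assumed ransom keywords."""
    if path.suffix.lower() != ".txt":
        return False
    try:
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return sum(1 for word in NOTE_KEYWORDS if word in text) >= 2


def triage(root) -> dict:
    """Walk root and bucket files by the markers the article describes.

    A file carrying the marker extension is only counted as encrypted if its
    first 64 KiB are high-entropy; a renamed-but-readable file (what a
    half-finished Trojan might leave behind) lands in plaintext_with_marker.
    """
    buckets = {"encrypted": [], "plaintext_with_marker": [], "notes": [], "metadata": []}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name == METADATA_NAME:
            buckets["metadata"].append(str(path))
        elif path.name.endswith(MARKER_EXT):
            with path.open("rb") as fh:
                sample = fh.read(65536)
            key = "encrypted" if shannon_entropy(sample) >= ENTROPY_THRESHOLD else "plaintext_with_marker"
            buckets[key].append(str(path))
        elif looks_like_ransom_note(path):
            buckets["notes"].append(str(path))
    return {k: sorted(v) for k, v in buckets.items()}


def build_sample_tree(base) -> Path:
    """Constructed sample data imitating a victim's Documents folder."""
    docs = Path(base) / "Documents"
    docs.mkdir(parents=True, exist_ok=True)
    # Encrypted file: random bytes stand in for ciphertext (high entropy).
    (docs / ("report.docx" + MARKER_EXT)).write_bytes(os.urandom(4096))
    # Renamed but never encrypted: the marker is present, the content is not ciphertext.
    (docs / ("todo.txt" + MARKER_EXT)).write_bytes(b"buy milk, call dentist\n" * 100)
    # Constructed ransom note, not the Trojan's real text.
    (docs / "HOW_TO_RECOVER.txt").write_text(
        "Your files have been encrypted. To decrypt them, follow the payment instructions.\n"
    )
    # Untouched files and the metadata file the article mentions.
    (docs / "budget.xlsx").write_bytes(b"PK\x03\x04" + b"\x00" * 512)
    (docs / "readme.txt").write_text("Meeting notes for Monday.\n")
    (docs / METADATA_NAME).write_bytes(b"\x00" * 64)
    return docs


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and triage it."""
    return triage(build_sample_tree(tempfile.mkdtemp(prefix="triage_")))


if __name__ == "__main__":
    for bucket, paths in run_demo().items():
        print(f"{bucket:>22}: {len(paths)}")
        for p in paths:
            print(f"{'':>24}{p}")
```

To use it on a real system, point `triage()` at the suspect volume instead of the constructed tree, and treat anything it finds as evidence rather than clutter: the note and 'metadata.bin' should be preserved for analysts, not deleted, and the entropy result tells you whether a marked file is genuinely lost or merely renamed.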

The Full-Fledged Danger from Half-Done Trojan Campaigns

That the _encrypted Ransomware appears in threat databases with incomplete infrastructure suggests that the programmer plans to test detection rates and update the Trojan afterward. Still, current detection rates for the Trojan are high. Malware experts also emphasize that the encryption side of the _encrypted Ransomware's payload is working and capable of permanently blocking media files.

Windows users should protect their work with backups kept on secure devices. They can also reduce their exposure to infection attempts through several steps, such as:

  • Refraining from enabling high-risk features like JavaScript, Flash and macros
  • Using passwords that are strong enough to resist dictionary attacks
  • Avoiding illicit downloads
  • Installing software patches that remove known vulnerabilities

Other than attackers gaining access by brute-forcing passwords or hijacking RDP, most infection incidents involve users endangering their PCs with unsafe behavior. Anti-malware products add a further layer by blocking most drive-by downloads, and should intercept and remove the _encrypted Ransomware.

The _encrypted Ransomware may become harder to detect in the future, but there's little point in guessing what a threat actor may or may not do with their pet project. What's certain is that a backup is priceless in the face of Trojan attacks, whether they have the backing of a bloated Ransomware-as-a-Service or are independents out for themselves.
