Ender Ransomware

Posted: October 9, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 84
First Seen: October 10, 2017
OS(es) Affected: Windows

The Ender Ransomware is a screen-blocking Trojan that prevents you from accessing the taskbar or other parts of the UI by covering them with its pop-up window. Although its pop-up messages state otherwise, current versions of the Ender Ransomware omit any data-encrypting features and can't lock your files individually. Dedicated anti-malware products can uninstall the Ender Ransomware either preemptively or after an infection, but victims may also need additional steps to recover access to the Windows interface.

Trojans Ending Your Access to Windows Imperfectly

Screen-locking features are a frequently seen, but not mandatory, part of most Trojan campaigns that try to encode files and force their owners into paying ransoms. Such attacks are just as frequently paired with fraudulent Trojans that have no intention of locking any digital content file by file but may pretend to do so to force the user into paying. Whether the latest example, the Ender Ransomware, belongs to the former sub-category or the latter remains to be seen.

The release of the Ender Ransomware currently available to malware analysts seems to be in a state of incomplete development. Its only attack feature of note is its ability to load an HTA window carrying an encryption alert in poor English, with numerous grammar mistakes and placeholder elements. Theoretically, the victim can click the provided button for further instructions on paying a ransom to acquire the 'encryption key.' Since the Ender Ransomware doesn't encode any documents or other files, the only purpose this code serves is closing the pop-up.

Because many file-locking Trojans also use screen-locker features in their payloads, the Ender Ransomware's author could intend to add actual data-enciphering attacks in the future. Along with the feature already blocking the user's ability to open other programs or use the Windows interface, a non-consensual encryption function could prevent arbitrary types of media from opening, such as documents, pictures or spreadsheets. Trojans often add extensions to the names of any content that they hold hostage (such as '.ender').

Putting an End to Plunder without the Pain Backing It Up

While the Ender Ransomware's author is clearly motivated by profiting from locking arbitrary PCs out of Windows, its screen-locking feature is significantly less challenging to override than the encryption algorithms of other Trojans that compete in the same underground industry space. Default shortcuts, such as Alt + F4 (for closing the program or window currently in focus), can help users remove the pop-up temporarily, the Safe Mode feature can facilitate rebooting without loading this Trojan, and booting from a secondary drive is also a viable route for recovery. Traditionally, malware experts discourage paying the ransoms associated with similar attacks, which almost always use methods not subject to refund policies or customer protections.

The file data of current samples implies that the Ender Ransomware's campaign is attacking not just English speakers but also residents of Finland. Unfortunately, malware experts have yet to confirm any live incidents of other threats dropping the Ender Ransomware, and the Trojan may use infection exploits that range from email attachments to brute-force attacks or torrents. Due to this Trojan's relatively high evasion rate within current detection protocols, updating your anti-malware software may be necessary for catching and deleting the Ender Ransomware immediately.

The Ender Ransomware could be content to be a screen-locking Trojan with lies piled on top of a relatively simple attack, or it could be a stepping stone that will soon upgrade itself to worse attacks. No matter what the truth is, obeying a harmful program's advice will result in little other than enriching its author for taking the time to lock your PC.