
Energy Ransomware

Posted: October 23, 2020

The Energy Ransomware is a file-locking Trojan that has no known family or Ransomware-as-a-Service. The Energy Ransomware blocks the user's files, such as documents and other media, by encrypting them before creating a text message asking for a ransom. Users should have backups appropriate for recovery without paying and let their preferred anti-malware solutions safely remove the Energy Ransomware installations.

A Modest Dynamo of Digital Media Kidnapping

Russia returns to the forefront of the threat landscape, briefly, through a new Trojan's campaign with no evident trails linking it to well-known entities like a Ransomware-as-a-Service or Hidden Tear. The Energy Ransomware, first found by independent cyber-security researchers, takes the well-worn path of extorting ransoms by blocking its victims' files. The threat actor's preference for a Russian e-mail domain is unlikely to be entirely coincidental, but it doesn't limit the Energy Ransomware to victims in that nation.

The software is a .NET Framework executable that runs in Windows, a typical starting point for most file-locker Trojans. Malware experts have seen some installer names for it, such as 'Client-2,' implying business environments as the targets. It uses encryption, which may or may not be secure, to block users' text, documents, spreadsheets, music, pictures, and other media files, one by one.

The Energy Ransomware appends a customized extension to these files that includes the attacker's contact address for negotiations and refers to the Trojan's name. More importantly, it gives the victim an ID inside a text file for the decryption process. Another detail in its ransom note is the count of files it has blocked, which is atypical of most Ransomware-as-a-Services popular in 2020.
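The renaming behaviour described above gives a defender a cheap way to scope an incident. The sweep below is an added example, not code from this write-up or from the Trojan: it assumes (since the page does not give the exact format) that an encrypted file is renamed to `<original>.[<attacker e-mail>].energy`, walks a directory tree, and groups the hits by the embedded contact address so the affected files and the address to block can be reported.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# ASSUMPTION (not documented on the page): encrypted files are renamed to
# <original>.[<attacker e-mail>].energy, e.g. budget.xlsx.[attacker@example.ru].energy
EMAIL_IN_BRACKETS = re.compile(r"\[([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\]")


def parse_renamed(name: str):
    """Return (original_name, contact_email) if the file name matches the
    assumed Energy Ransomware rename pattern, otherwise None."""
    if not name.lower().endswith(".energy"):
        return None
    stem = name[: -len(".energy")]
    match = EMAIL_IN_BRACKETS.search(stem)
    # The bracketed address must sit directly in front of the final extension.
    if not match or not stem.endswith(match.group(0)):
        return None
    original = stem[: match.start()].rstrip(".")
    return original, match.group(1)


def sweep(root: Path) -> dict:
    """Walk root, collect files that look renamed by the Trojan, and count
    them per contact address so an analyst can judge scope quickly."""
    hits, by_email = [], Counter()
    for path in root.rglob("*"):
        if path.is_file():
            parsed = parse_renamed(path.name)
            if parsed:
                hits.append((str(path), parsed[0]))
                by_email[parsed[1]] += 1
    return {"hits": hits, "by_email": dict(by_email)}


def demo() -> dict:
    """Build a constructed sample tree in a temp dir and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "budget.xlsx.[attacker@example.ru].energy").write_bytes(b"\0" * 16)
        (root / "docs" / "notes.txt").write_text("untouched file")
        (root / "photo.jpg.[attacker@example.ru].energy").write_bytes(b"\0" * 16)
        return sweep(root)


if __name__ == "__main__":
    print(demo())
```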

Energizing Security against Traditional Trojans

The Energy Ransomware doesn't use digital signatures and has no significant obfuscation features to prevent security solutions from detecting it as a security risk. Given the Russian connection, the Energy Ransomware may be circulating through popular torrent networks disguised as copyright-protected movies, game cracks or other downloads. Users can protect themselves from these tactics effectively by avoiding illicitly downloaded content, paying attention to file name extensions, and scanning files before opening them.

Because malware researchers haven't analyzed the Energy Ransomware's encryption routine in depth, victims' options for unlocking files aren't definitive. However, most such Trojans implement their encryption without the flaws or glitches that would give victims alternative recovery options. Data of any value should have backups on other devices for optimal safety.

Only Windows systems are at risk from the Energy Ransomware's campaign, though similar file-locker Trojans are available on most operating systems. Any cyber-security products with support for threat elimination should remove the Energy Ransomware on sight.

Russia's history with Trojan programming is long and complicated, but one wouldn't know it from a threat like the Energy Ransomware. Despite a possibly-meaningful link back to that country, an encryption payload is nothing exciting to security experts and only takes advantage of the already-unprotected.
