
Epor Ransomware

Posted: November 17, 2020

The Epor Ransomware is a file-locking Trojan that's part of the STOP Ransomware's Ransomware-as-a-Service. The Epor Ransomware can block the user's media files by encrypting them, change extensions, and deliver ransom notes. All Windows users should back their files up for safekeeping and have appropriate PC security solutions for removing the Epor Ransomware.

The Business-Minded Trojans Falling into Windows PCs for Fall

As Ransomware-as-a-Service activity continues thriving into November, much of it comes from the already-established, larger families of Trojans that operate on a for-hire model. Among them, the STOP Ransomware family remains one of the most frequently used, along with the Dharma Ransomware. The Epor Ransomware campaign, the latest attack attempt using the former RaaS, consequently is far from a shock.

The Epor Ransomware's features show the STOP Ransomware family's relative stagnancy: campaigns currently vary little, save for changing the Trojans' names and the blocked files' extensions. The threat includes both offline and online versions of its encryption routine, the feature that blocks most media files and appends a new extension to their names (for instance, 'example.jpg.epor'). The Epor Ransomware may also conceal its attack by distracting the user with a fake 'Windows Update' window.

The Epor Ransomware's ransom note is a text message that stays within the long-held standards of the STOP Ransomware family, as readers can see in other variants, like the Iiss Ransomware, the Maas Ransomware, the NPPH Ransomware and the Vvoa Ransomware. The threat actors provide family-generic e-mail addresses for communicating with victims and sell a premium data recovery service that unlocks the encrypted files. Naturally, alternate recovery options, ideally through backups, are preferable for all victims who have them on hand.

The Epor Ransomware also may redirect the browser or block websites, as per the family's traditional changes to Hosts file settings.

Shuttering Businesses that Prey on Others' Insecurity

Windows users lacking the standard protections against attacks may experience either targeted or random, opportunistic victimization by the Epor Ransomware's campaign. Since a Ransomware-as-a-Service can employ different attackers with various methods, malware experts can provide only general recommendations for many cases. While home users may suffer from file-locker Trojans like the Epor Ransomware, many attacks preferentially compromise weakly-protected business entities.

Windows users can reduce the chances of an Epor Ransomware infection by using strong passwords for network access, RDP, and admin-privilege accounts. They also should inspect e-mail attachments with care, since attackers currently favor fake invoices, Coronavirus guidelines, and other phishing lures that use corrupted documents or spreadsheets. Web-browsing activity should always avoid unofficial updates or illegal content, and users should consider turning off some features – most significantly, JavaScript, Flash and Java.

Lastly, most of the STOP Ransomware versions have no obfuscation worthy of the name, and credible PC security services should delete the Epor Ransomware without any meaningful difficulties.

Since malware experts have yet to acquire samples of files associated with its infection strategies, the Epor Ransomware's campaign might use any number of abusive exploits or tactics. One thing is sure, though: PC users on Windows with valuable files, but no backups for them, are playing with fire – even as winter encroaches.
