Erica2020 Ransomware

Posted: January 2, 2020

The Erica2020 Ransomware is a file-locking Trojan that blocks digital media so that it can extort ransom money afterward. Its payload's messages currently target native Russian speakers, although the encryption routine may harm files on computers anywhere in the world. Most anti-malware products should correctly flag and remove the Erica2020 Ransomware as a threat before it damages any data.

Geopolitical Tensions Manifesting in Programming

Although Russia is often the regional spawning ground of Trojan-related attacks, at least one campaign is flipping the script. What is possibly the product of a Ukrainian programmer is targeting victims in Russia with one of the most common money-making tactics: encrypting data and then selling a possible decryption service. In how it operates, the Erica2020 Ransomware is similar to large families like Hidden Tear or the Globe Ransomware. However, malware experts deem its ancestry to be its own.

The Erica2020 Ransomware is a .NET Framework program that runs in Windows environments, with an installer that uses either a randomly-named executable or a fake 'scr' (AKA Windows screensaver) file. Currently, samples also use icons referencing a character from Warner Brothers' 'Animaniacs' cartoon. The Trojan uses many of the traditional features of its kind, including AES encryption to keep digital media from opening, appending customized extensions and creating text ransom notes. The notes, however, have traits that are a little more unusual.

The ransom message that the Erica2020 Ransomware drops is in Russian, rather than English, and provides an e-mail and ID for negotiating over the criminal's unlocking. A tag line at the end also includes an insult towards the reader regarding their backup habits – in Ukrainian. The latter suggests political motives behind the design and distribution of the Erica2020 Ransomware, although it is currently in testing, with partial placeholder instructions.

Bringing Peace Between Nations - or Between Files and Software

Unlocking or decrypting one's media without paying a ransom can be difficult or impossible for the majority of file-locking Trojan attacks. While malware experts have yet to confirm the security of the Erica2020 Ransomware's encryption routine, rendering it immune to third-party decryptors would be a small programming obstacle for any threat actor. Users should take the insult in the Erica2020 Ransomware's note to heart and implement well-maintained backups before, rather than after, an attack occurs.

Users also can guard the 'borders' of their PCs by monitoring some of the most well-trod infection vectors of the past several years. E-mail attachments are a rich source of attacks against networks, along with brute-forcing passwords and other login credentials. For random victims, possible exposure also can come through downloading illicit torrents or updates from unofficial websites.
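Because the installer described above is a .NET program that may arrive as a fake 'scr' file, one triage check is to list screensaver files that are actually .NET assemblies. This is an added example, not code from the original article; the function names and the constructed sample header are hypothetical, and a hit is a lead for review rather than proof of infection, since legitimate .NET screensavers exist.

```python
import struct
from pathlib import Path

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def is_dotnet_pe(data: bytes) -> bool:
    """True if data starts a PE image whose CLR header directory is populated."""
    try:
        if data[:2] != b"MZ":
            return False
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return False
        opt_off = pe_off + 24              # 4-byte signature + 20-byte COFF header
        magic = struct.unpack_from("<H", data, opt_off)[0]
        dirs_rel = {0x10B: 96, 0x20B: 112}.get(magic)         # PE32 / PE32+
        if dirs_rel is None:
            return False
        count = struct.unpack_from("<I", data, opt_off + dirs_rel - 4)[0]
        if count <= CLR_DIR_INDEX:
            return False
        rva, size = struct.unpack_from(
            "<II", data, opt_off + dirs_rel + CLR_DIR_INDEX * 8)
        return rva != 0 and size != 0
    except struct.error:                   # truncated or malformed header
        return False

def find_dotnet_screensavers(root) -> list:
    """Names of *.scr files under root that are .NET assemblies (triage list)."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".scr":
            with path.open("rb") as fh:
                if is_dotnet_pe(fh.read(4096)):   # headers sit at the file start
                    hits.append(path.name)
    return sorted(hits)

def build_sample_pe(clr: bool) -> bytes:
    """Constructed minimal PE32 header for demonstration; not a real sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    opt = bytearray(96 + 16 * 8)           # optional header + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + CLR_DIR_INDEX * 8, 0x2008, 0x48)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)
```

Pointing `find_dotnet_screensavers` at a download or mail-attachment directory gives a short list of files worth submitting to an anti-malware scanner.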

Although the Erica2020 Ransomware is new, most anti-malware tools are finding and deleting it as a threat, usually with generic descriptors. The Erica2020 Ransomware is a colorful expression of how real-world tensions boil over into the Internet, but its jeering comes with a good lesson attached. Anyone who doesn't know the value of a backup might get taught one the painful way – by a Trojan taking advantage of their oversight.