
Euclid Ransomware

Posted: June 7, 2019

The Euclid Ransomware is a file-locking Trojan that can block media on your computer, such as text documents, by encrypting them. Appropriately stored backups can provide a bulwark against these attacks and give victims a recovery option. Otherwise, have your anti-malware programs block and delete the Euclid Ransomware as soon as possible to stop any ongoing damage to your files.

The Increasing Weight of Trojan Assaults against Soviet Satellites

File-locker Trojans are no longer unusual in the cyber-security landscape for both Russia and the nations neighboring it. However, most of the examples that malware researchers see, such as the Dharma Ransomware variants like the '.back File Extension' Ransomware and the LDPR Ransomware, belong to well-known families and Black Hat businesses. The Euclid Ransomware's campaign stands in contrast to them, since its payload doesn't match that of any Ransomware-as-a-Service collective.

The Euclid Ransomware's target region of choice, for the moment, is Kazakhstan, with infections occurring as of June. Although its distribution methods are unknown, malware researchers have confirmation of it infecting Windows environments and locking media files such as Word documents with encryption. Although the Euclid Ransomware claims that its encryption method is a combination of RSA and Salsa20, victims should note that file-locker Trojans can, and often do, lie about the complexity of their file-blocking features.

Infections also have another symptom: a text message whose template isn't similar to that of the Scarab Ransomware (one of the most likely Trojans of this category for targeting this part of the world) or other RaaS businesses. The English message, which has numerous typos and other errors, offers Telegram as the channel for negotiating the ransom for an unlocker. Oddly, the threat actors also assert that they'll provide security recommendations for free, which may be an effort at ingratiating themselves and increasing the chances of getting a payout.

The Danger of Well Wishers Wielding Trojans

The Euclid Ransomware concludes its ransom note with an ironic 'best wishes' from its development team, which punctuates the overall tone of congeniality in its extortionist message. Users should, however, remember that free decryption is possible in some instances of file-locker Trojan infections, and contact an appropriate cyber-security specialist for help. They may also recover from a backup, provided that they've saved one to a location out of the Euclid Ransomware's reach, such as a DVD, USB or any cloud service.

None of the Euclid Ransomware's distribution exploits have come to light in these early phases of its campaign, although it is in the wild. E-mails, torrents, and browser-based threats like compromised ad networks and Exploit Kits are some of the many potential vectors for infection. Users should scan their downloads with anti-malware software to identify and remove the Euclid Ransomware before it becomes a danger to their files.

The Euclid Ransomware's namesake is a Greek mathematician, but the only numbers of any interest to its threat actors are how much money they can extort. Windows owners can always solve the pressures of such equations by backing their work up and minding their security standards.
