'evolution@rape.lol' Ransomware

Posted: December 18, 2018

The 'evolution@rape.lol' Ransomware is a file-locker Trojan that encrypts your media so that the files will not open, and then asks for a ransom payment in exchange for a decryption solution. The 'evolution@rape.lol' Ransomware is in active circulation against business entities through infection methods that are not yet determined, which may include brute-force attacks or corrupted e-mail messages.

An Unknown Price Tag on Your Files

Victims are coming forward with evidence of attacks against English-based businesses by threat actors who have minimal English proficiency themselves. As a new source of harmful encryption for blocking files, the 'evolution@rape.lol' Ransomware has no self-evident ancestry, but it runs off the same strategies that Hidden Tear, the Scarab Ransomware, the Crysis Ransomware and the Globe Ransomware are popularizing. Malware analysts have yet to confirm its circulation methods, but some exploits are especially likely, as they are with most file-locking Trojans.

The 'evolution@rape.lol' Ransomware's campaign is new, with no attacks until the second week of December. Rather than attacking corporate networks, the 'evolution@rape.lol' Ransomware's authors are working against potentially more vulnerable, family-size businesses, as of the last reports. Some of its payload's configuration suggests that the 'evolution@rape.lol' Ransomware could be no more than a new version of the Everbe Ransomware, which does have a public, free decryptor.

The 'evolution@rape.lol' Ransomware runs a concealed encryption process that searches for media files and locks each one by encrypting it with an algorithm such as RC4, AES, RSA or XOR. It also adds the '.evolution' extension to the end of each locked file's name. In addition, the 'evolution@rape.lol' Ransomware creates a Notepad file that the victim may find on the desktop or in a folder that holds encrypted media, such as pictures and documents. This file carries some generic ransoming details (such as an ID and e-mails) and also includes blatant typos, which make it nearly certain that the threat actor is a non-native speaker.
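For incident triage, the two on-disk traces described above (the '.evolution' suffix and a text note left beside locked files) can be inventoried with a short script. This is an added example, not code from the original article; it assumes the note is a `.txt` file and that the locked files' modification times reflect when they were encrypted, and the sample file names and timestamps are constructed.

```python
import os
import sys
from collections import defaultdict

LOCKED_EXT = ".evolution"  # extension named on this page
NOTE_EXT = ".txt"          # assumption: the "Notepad file" is a plain .txt file

def triage(root, slack=300):
    """Inventory locked files under root and list candidate ransom notes."""
    locked = defaultdict(list)  # directory -> [(original name, mtime)]
    texts = defaultdict(list)   # directory -> [(path, mtime)]
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable entry: skip it and keep scanning
            lower = name.lower()
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                locked[dirpath].append((name[:-len(LOCKED_EXT)], mtime))
            elif lower.endswith(NOTE_EXT):
                texts[dirpath].append((path, mtime))
    times = [m for entries in locked.values() for _name, m in entries]
    if not times:
        return {"locked": {}, "window": None, "note_candidates": []}
    start, end = min(times), max(times)
    # A note is a candidate only if it sits beside locked files and was
    # written within `slack` seconds of the encryption window.
    notes = sorted(p for d in locked for p, m in texts[d]
                   if start - slack <= m <= end + slack)
    return {"locked": {d: sorted(n for n, _m in e) for d, e in locked.items()},
            "window": (start, end), "note_candidates": notes}

def build_sample(root):
    """Create a constructed sample tree (file names and times are made up)."""
    sample = {"docs/report.docx.evolution": 1000, "docs/photo.jpg.evolution": 1060,
              "docs/constructed_note.txt": 1070, "docs/old_minutes.txt": 10,
              "clean/todo.txt": 1050}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The per-directory list of original names shows what has to come back from backup, and the time window gives a starting point for reviewing logon and mail logs from the same period.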

Evolving Your Defenses Faster than a Trojan's Weaponry

Freeware decryption software such as the InsaneCrypt Decryptor is a viable way of retrieving some locked data without risking a possibly fruitless ransom payment. However, file-locker Trojans receive monthly and even weekly updates, and malware experts also find that most threats of this category cannot be decrypted for free. Keep your files backed up in appropriate locations, such as USBs and secondary, secured PCs, to cripple the 'evolution@rape.lol' Ransomware's efficacy.

Server admins should change their login credentials to avoid default strings or simple ones that a brute-force tool could crack. Spam e-mails are also a commonplace stage in file-locker Trojans' attacks, and users should stay informed on the tactics and attendant security risks, such as fake billing notices, compromised Word macros and PDF vulnerabilities. Standard anti-malware services should block these threats safely, as well as delete the 'evolution@rape.lol' Ransomware, at any point.

There's little that's evolutionary about the 'evolution@rape.lol' Ransomware, which malware experts rate as little different from other, small-budget file-locking Trojans. It's one more threat to small businesses' bottom line, however, which is why preventing security risks should be every employee's daily habit.