
FileSlack Ransomware

Posted: February 8, 2019

The FileSlack Ransomware is a file-locking Trojan that stops your text documents and other media from opening. Its encryption may or may not be reversible by third-party software, so users should keep backups in case no freeware unlocker becomes available. This threat is only being seen on Windows machines, which users should disinfect as soon as possible with anti-malware tools capable of uninstalling the FileSlack Ransomware.

The Negative Side of Slacking on Your PC's Security

A file-locking Trojan circulating among Windows users shows several symptoms that don't line up with any of the preexisting families in the malware industry. While it blocks data in order to ransom it, just like Hidden Tear or the Scarab Ransomware, the FileSlack Ransomware also makes a series of aesthetic and data-marking changes that are semi-unique to it. Whether victims can get their files back to normal without either paying the ransom or having a safe backup is, unfortunately, not yet known.

The FileSlack Ransomware uses an unknown method of encryption to block text documents and other forms of media. Some samples also appear to block their own ransom notes, which are Notepad TXT files. However, this behavior isn't consistent and, of course, does nothing to help users recover files that no longer open. Any content that is encrypted should be detectable by its '.FileSlack' extension, which the FileSlack Ransomware appends without removing the original one (for instance, 'bird.jpg.FileSlack').

Along with encryption, the FileSlack Ransomware also modifies files by inserting additional zero-byte markers into them, possibly as a means of hindering any decryption solutions. Its other unique trait is a customized Notepad ransom note that provides a warning against file modification attempts and two e-mail addresses, but no upfront fee for the unlocker. In past cases, malware experts have correlated the withholding of a ransom fee with criminals leaving themselves room to change prices arbitrarily and maximize profit, without necessarily giving victims the decryption service.
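For scoping an incident, the appended '.FileSlack' extension and the zero-byte markers described above can be turned into a quick inventory of affected files. The following Python sketch is an added example, not part of the original write-up; the function names, the 64 KiB read limit, and the sample file tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".FileSlack"  # extension the article says is appended to locked files

def original_name(name):
    """Return the name the file had before the marker was appended, else None."""
    if len(name) > len(MARKER) and name.lower().endswith(MARKER.lower()):
        return name[:-len(MARKER)]
    return None

def scope(root):
    """Walk root; return (hits, counts by original extension, locked .txt files)."""
    hits, by_ext, locked_txt = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            orig = original_name(fn)
            if orig is None:
                continue
            path = Path(dirpath) / fn
            with path.open("rb") as fh:
                # Raw observation only: the article does not say where markers go.
                nul_count = fh.read(65536).count(0)
            ext = Path(orig).suffix.lower() or "(none)"
            by_ext[ext] += 1
            hits.append((str(path), orig, nul_count))
            if ext == ".txt":  # may include a ransom note the Trojan locked itself
                locked_txt.append(str(path))
    return hits, by_ext, locked_txt

def demo():
    """Build a constructed sample tree in a temp directory and scope it."""
    sample = {  # constructed names and contents, not real samples
        "docs/bird.jpg.FileSlack": b"\x00\x00data\x00",
        "docs/readme.txt.FileSlack": b"text",
        "docs/notes.txt": b"untouched",
        "pics/cat.PNG.fileslack": b"\x00img",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            p = Path(root) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        return scope(root)

if __name__ == "__main__":
    hits, by_ext, locked_txt = demo()
    for path, orig, nuls in hits:
        print(f"{orig:<12} NUL bytes in first 64 KiB: {nuls}  ({path})")
    print(dict(by_ext), "locked .txt files:", len(locked_txt))
```

The match is case-insensitive because Windows file names are, and the script only reads files, so it is safe to run against a mounted image or a backup copy before any cleanup.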

Stopping Your Files from Turning into Big Zeroes

Malware experts can't vouch for the security of the FileSlack Ransomware's encryption, which uses unexamined algorithms that could range from an easily broken XOR to an impenetrable combination of AES and RSA. While decrypting files to recover them directly is sometimes a possibility, most users should keep backups as a more dependable means of data recovery. Backing up documents, images, and other media to another device will guarantee their safety in the event of a file-locker Trojan's attack.

Even though its live distribution is definite, the FileSlack Ransomware's infection methods require further investigation. Threat actors tend to prefer either brute-force attacks or spam e-mails for most file-locker Trojans' campaigns, but this preference is a soft one, and other sources of infection are possible. Most anti-malware products, if running with their latest database updates, should delete the FileSlack Ransomware on sight, regardless of most installation exploits.

More remains to be discovered about the FileSlack Ransomware, including whether or not it's the first of a series of similar threats. It may be a statistical blip or a significant surge against the rest of the RaaS industry; either way, it's up to users to back up their files for safety's sake.
