
flowEncryption Ransomware

Posted: July 9, 2020

The flowEncryption Ransomware is a file-locking Trojan that can prevent media files such as documents from opening. Users should keep backups of their work so that they can recover without paying ransoms or losing data. Most Windows anti-malware programs should identify and delete the flowEncryption Ransomware and block standard drive-by-download exploits appropriately.

A Trojan Starts Minimalist, but Threatening

When Trojans deviate from the expectations of their previous examples, there usually are reasons for it. With the newly-detected samples of the flowEncryption Ransomware, its prospective campaign raises more questions than answers. This threat is missing many of the tools that file-locker Trojans use for monetization and harming victims' files, but not, sadly, the feature for damaging media files.

Because the samples are very recent as of early July, malware researchers can confirm just two features in the flowEncryption Ransomware's payload. The first is an encryption-based file-locking routine, which can turn the user's local documents, pictures, archives, spreadsheets, and similar media into non-opening hostages. The second is the identifier it inserts into their names: the 'flow' extension.
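The two confirmed features give defenders something to check during triage: files carrying the 'flow' extension whose content looks encrypted. The following is an added example, not code from the original page; it assumes the marker appears as a trailing `.flow`, and the entropy threshold, sample sizes and file names are illustrative values constructed for the demonstration.

```python
import math, os, tempfile
from collections import Counter

MARKER_EXT = ".flow"   # the extension the page reports
ENTROPY_MIN = 7.5      # assumption: bits/byte at or above this looks encrypted
SAMPLE_BYTES = 65536   # assumption: the first 64 KiB is representative
MIN_SAMPLE = 1024      # assumption: smaller samples are too noisy to judge

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root: str) -> dict:
    """Bucket every *.flow file under root by how encrypted its content looks."""
    report = {"likely_encrypted": [], "low_entropy": [], "too_small": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(MARKER_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    sample = fh.read(SAMPLE_BYTES)
            except OSError:
                report["unreadable"].append(path)
                continue
            if len(sample) < MIN_SAMPLE:
                bucket = "too_small"
            elif shannon_entropy(sample) >= ENTROPY_MIN:
                bucket = "likely_encrypted"
            else:
                bucket = "low_entropy"
            report[bucket].append(path)
    return report

def demo() -> dict:
    """Run triage over constructed sample files; return basenames per bucket."""
    samples = {
        "report.docx.flow": os.urandom(4096),         # stands in for ciphertext
        "notes.flow": b"plain text diagram\n" * 200,  # benign file sharing the extension
        "tiny.flow": b"abc",                          # too short for an entropy verdict
        "photo.jpg": os.urandom(4096),                # no marker extension: ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {k: [os.path.basename(p) for p in v] for k, v in triage(root).items()}
```

Files in the `low_entropy` bucket are probably unrelated files that happen to share the extension, which keeps them out of the restore-from-backup list.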

The flowEncryption Ransomware might not be ready for release into the wild, since its payload, for now, leaves out the traditional ransom note – such as a text file, an HTA pop-up, a desktop wallpaper or a local HTML Web page. Alternatively, its threat actor might use the flowEncryption Ransomware as a means of sabotaging victims' systems or covering for other attacks, as is a notable tactic in some espionage campaigns. However, the most likely scenario is that the flowEncryption Ransomware will soon add ransom demands to its payload and sell a decryption solution to victims at a price of hundreds or thousands of dollars in Bitcoins or Monero.

Why a Half-Baked Trojan is More than Half a Threat

The flowEncryption Ransomware visibly has less polish than the production-line businesses of Ransomware-as-a-Service families. Despite its limitations, the flowEncryption Ransomware can encrypt and block files for the indefinite future just as easily as any Hidden Tear, the Jigsaw Ransomware or a Scarab Ransomware variant. Also, since it's not part of a previously-known family, users have no options for unlocking or decrypting their media with free tools.

Backup solutions play a strong supporting role in counteracting all file-locking Trojans, whether they're minor ones like the flowEncryption Ransomware or enormous RaaS families. For optimal safety, malware experts encourage storing one or more backups on offsite cloud services and removable storage drives, preferably with password protection. Until there are more details about the flowEncryption Ransomware's infection exploits, Windows users should follow common-sense guidelines like disabling Flash, turning off document macros and refusing illicit or questionable downloads.

The flowEncryption Ransomware is probably not done yet, but it has the worst elements of a Trojan's payload in place. This foundation of encryption without consent is the baseline for problems that users should always prevent by taking easy steps for protection before a Trojan ever looks their way.
