Fresh Ransomware

Posted: October 7, 2020

The Fresh Ransomware is a file-locker Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service that hires its Trojans out to third-party criminals. Safe backups are essential for protecting data from this threat, which can block files indefinitely with its encryption routine. However, most Windows users can also rely on appropriate security services to stop attacks or to uninstall the Fresh Ransomware immediately.

A Fresh Helping of a Leased-Out Trojan

The Dharma Ransomware family maintains a neck-and-neck prominence with its competition, the STOP Ransomware, in the Ransomware-as-a-Service sector of the threat landscape. From 2016's 'Lavandos@dr.com' Ransomware and the Supermagnet@india.com Ransomware to 2020's FLYU Ransomware, the Biashabtc@redchan.it Ransomware, and the Fresh Ransomware, little has changed about its method of attack.

The Fresh Ransomware's main point of difference is the updated e-mail address, specific to the threat actor who's distributing it. Users can see this address, along with a 'fresh' extension, on the names of the files that the Fresh Ransomware blocks, using, as always, an RSA-secured AES encryption algorithm. This encryption is well known for being secure against third-party recovery solutions, barring unusual circumstances such as database leaks or bugs. The Trojan preferentially locks media formats such as documents, spreadsheets, music, and pictures.
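The renaming described above lets a responder scope the damage from a plain file listing. The following is an added example, not code from the original page: the `<original>.id-<ID>.[<address>].fresh` layout is an assumption based on how Dharma variants are commonly reported to rename files, and the address and paths in the sample are constructed placeholders.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout (not stated on the page): <original>.id-<ID>.[<e-mail>].fresh
# The page only says the e-mail address and a 'fresh' extension appear in the name.
LOCKED = re.compile(
    r"^(?P<original>.+?)(?:\.id-(?P<victim_id>[0-9A-Za-z]+))?"
    r"\.\[(?P<email>[^\]\s@]+@[^\]\s@]+)\]\.fresh$", re.IGNORECASE)

def triage(paths):
    """Split a file listing into locked files (with recovered metadata) and the rest."""
    locked, clean = [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        m = LOCKED.match(p.name)
        if m:
            locked.append({
                "path": raw,
                "folder": str(p.parent),
                "original_name": m["original"],
                "original_type": PureWindowsPath(m["original"]).suffix.lower(),
                "email": m["email"].lower(),
                "victim_id": m["victim_id"],  # None when the name has no id part
            })
        else:
            clean.append(raw)
    return locked, clean

def summarize(locked):
    """Counts that help scope the damage: affected folders and original file types."""
    return {
        "folders": Counter(e["folder"] for e in locked),
        "types": Counter(e["original_type"] for e in locked),
        "emails": sorted({e["email"] for e in locked}),
    }

# Constructed sample listing; the address is a placeholder, not the campaign's.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.id-1A2B3C4D.[contact@example.invalid].fresh",
    r"C:\Users\ana\Documents\notes.docx.id-1A2B3C4D.[contact@example.invalid].fresh",
    r"C:\Users\ana\Pictures\trip.jpg.[contact@example.invalid].fresh",
    r"C:\Users\ana\Documents\recipes.fresh",  # benign: the extension alone is not enough
    r"C:\Users\ana\Music\song.mp3",
]

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)[0]))
```

The recovered original names and folders give a checklist of what to restore from backup; requiring the bracketed address as well as the extension avoids flagging unrelated files that merely end in `.fresh`.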

Besides the encryption feature, the Fresh Ransomware may terminate some services or programs that block its access to the victim's files. Malware researchers also regularly observe the deletion of the Restore Points in all variants of the Fresh Ransomware's family, which removes a 'default' recovery option for many users. Generally, victims should de-prioritize the ransom demands in the Fresh Ransomware's HTA and TXT files, since paying for the threat actor's decryptor doesn't guarantee that users will get one.

Freshening Up Data Protection against Redundant Trojans

The Fresh Ransomware offers nothing to the threat landscape that it hasn't already seen before, as with most of the campaigns originating from a Ransomware-as-a-Service. This redundancy, however, means that users don't need to make enormous adjustments to their defenses. The more critical security protocols malware experts recommend for fighting file-locker Trojans preemptively include:

  • Saving backups to another device is an efficient and inexpensive recovery method for files that the Fresh Ransomware encrypts.
  • Using strong password security can prevent attackers from gaining access to systems through dictionary attacks against their credentials.
  • Updating software can remove vulnerabilities that criminals might exploit, such as frequently-used privilege escalations.
  • Disabling features such as document or spreadsheet macros, Flash, Java, and JavaScript will, likewise, leave users less at risk from exploits.
  • Avoiding illicit download resources can help prevent exposure to Trojans, whose installers are bundled with other files.

The Dharma Ransomware family's encryption is secure, and it wipes local backups, meaning that users have limited alternatives for recovery after the fact. Malware experts still recommend appropriate cyber-security products for catching or deleting the Fresh Ransomware during attempted attacks.

Ironically, there's not so much in the Fresh Ransomware's payload that freshens up its industry. Its lack of ambition is a boon to victims, who can depend on traditional solutions to cloned Trojans without much separating them from each other, besides their names.
