Iiss Ransomware

Posted: October 27, 2020

The Iiss Ransomware is a file-locker Trojan that's part of the Ransomware-as-a-Service of the STOP Ransomware. The Trojan can block most media files throughout the computer while deleting backups and creating ransom notes extorting money from victims. Users with practical anti-malware tools can remove the Iiss Ransomware safely before recovering their files from any remaining backups.

A Trojan Business Offers Tricks on Hard Drives for Treats

File-locker Trojans can use seasonal themes that rotate with the most topical events, but not every threat actor invests so much into decorative elements. The STOP Ransomware decidedly is one of the most static Ransomware-as-a-Service families of 2020. With dozens of variations on its core software, it's little more than semi-random names atop a foundation of data-encrypting attacks. Even as autumn holidays near, new versions, like the Iiss Ransomware, are almost wholly swappable with their many kin.

First identified in late October, the Iiss Ransomware's name swap adheres to its RaaS family's usual norms, being a random choice of four alphabet characters. It also remains built for Windows OSes, using an AES-based encryption feature that can lock most media files, such as text documents, spreadsheets, databases, pictures or music. The Trojan appends its four-letter name as the identifying extension of each now-locked file. In most instances, malware analysts judge the blocking method secure against third-party decryption. However, there are sporadic cases of STOP Ransomware variants falling back to a less-secure, default (offline) encryption key when they can't reach their C&C servers.

The Iiss Ransomware's ransom note is a text file identical to ones from recent family members like the Copa Ransomware, the Efji Ransomware, the Kolz Ransomware and the Moss Ransomware. It asks for nearly one thousand USD, or half that for victims who pay within a deadline, and uses generic, family-based e-mail addresses for negotiating. Those who pay may or may not get their files unlocked; victims should remember that threat actors are under no binding obligations for honoring their word and that legal recourse against fraudulent Bitcoin transactions is highly limited.

Steering Away from Holiday Scares from Traditionalist Trojans

Although the Iiss Ransomware's campaign is in time for Halloween, samples of the Trojan show few changes, besides the name, from other versions of the STOP Ransomware that run rampant year-round. Users can sharply cut the damage potential of an infection by saving their backups to other devices that the Trojan can't encrypt, or delete, in the case of its Restore Point-wiping feature. Networks also are at risk of having connected systems compromised through supporting threats, especially Black Hat tools such as the AZORult spyware and the Mimikatz credential-theft utility.
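The two defender-side facts above, that the Trojan appends its four-letter extension to each locked file and that only off-device backups survive its Restore Point wiping, can be turned into a triage step. The following is an added example written for this page, not code from the page or from any vendor tool; it recovers original file names from the appended `.iiss` suffix and checks them against an index of an off-device backup. All file paths in it are constructed samples.

```python
"""Incident-triage helper for a STOP/Djvu-style infection such as the Iiss
Ransomware: inventory files carrying the appended extension, recover their
original names, and report which of them exist in an off-device backup index."""
import os
from collections import Counter
from pathlib import PurePosixPath

LOCKED_SUFFIX = ".iiss"   # the four-letter extension this variant appends


def original_path(path: str, suffix: str = LOCKED_SUFFIX):
    """Return the pre-encryption path if `path` carries the appended suffix, else None."""
    if path.lower().endswith(suffix) and len(path) > len(suffix):
        return path[: -len(suffix)]
    return None


def triage(paths, suffix: str = LOCKED_SUFFIX):
    """Map each locked path to its original path and count affected original extensions."""
    locked, by_ext = {}, Counter()
    for p in paths:
        orig = original_path(p, suffix)
        if orig is not None:
            locked[p] = orig
            by_ext[PurePosixPath(orig).suffix.lower() or "(none)"] += 1
    return locked, by_ext


def restore_plan(locked, backup_index):
    """Split originals into those present in the off-device backup index and those lost.
    `backup_index` is a set of original paths in the same relative form as `locked` values."""
    originals = sorted(set(locked.values()))
    restorable = [o for o in originals if o in backup_index]
    lost = [o for o in originals if o not in backup_index]
    return restorable, lost


def walk_tree(root):
    """Disk wrapper: yield POSIX-style paths of every file under `root`, relative to it."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            yield os.path.relpath(os.path.join(dirpath, f), root).replace(os.sep, "/")


if __name__ == "__main__":
    # Constructed sample listing of a victim's profile after infection (not real data).
    sample = ["Documents/budget.xlsx.iiss", "Documents/thesis.docx.iiss",
              "Pictures/cat.jpg.iiss", "Windows/notepad.exe"]
    locked, by_ext = triage(sample)
    restorable, lost = restore_plan(locked, {"Documents/budget.xlsx", "Pictures/cat.jpg"})
    print(f"{len(locked)} locked files by original type: {dict(by_ext)}")
    print("restorable:", restorable, "| lost:", lost)
```

For a live system, feed `triage(walk_tree(r"C:\Users\victim"))` with the tree mounted read-only from a clean machine, and build the backup index from the separate backup device with the same `walk_tree`.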

Besides the value of secure backups, Windows users should remember the importance of preventing infections from well-known sources. Business entities often are targeted by phishing lures enclosed in e-mail messages, either as attachments or website links. Home users also can harm their PCs by downloading torrents and illicit software, known distribution channels for some versions of the Iiss Ransomware's family. Features like JavaScript, Flash, and document macros all tend to involve themselves in drive-by-downloads, which are preventable by turning them off and patching software.

The STOP Ransomware (or Djvu Ransomware) family is long-known to the cyber-security industry, and most threat-detecting services will flag it. Users with appropriate security software can depend on these programs for accurately removing the Iiss Ransomware before any harm comes to their work files.

The Iiss Ransomware is an expensive proposition for a 'trick' on one's digital porch. When the treats it demands are nothing less than hundreds of dollars, anyone who wants their files and their money intact should appropriately secure their computer's media.