
INDRIK Ransomware

Posted: January 7, 2019

The INDRIK Ransomware is a file-locker Trojan that blocks the user's files by encrypting them and holds them for ransom. It also appends its campaign-specific extension to the names of those files, drops a Web page as its ransom note, and may cause other damage, such as erasing local backups. Traditional anti-malware programs should delete the INDRIK Ransomware automatically, but users should protect their content by backing it up as a failsafe precaution.

Bitcoins for Blocking Data Steps Boldly into the New Year

Although there is ample evidence of established file-locker families continuing their development into 2019, new attacks such as the INDRIK Ransomware show that separate, independent campaigns are still appearing alongside them. Whether its file-locking can be reversed without the threat actor's help is, unfortunately, uncertain. Although its resources borrow some copy-pasted elements from old campaigns, the INDRIK Ransomware is not a recognizable update of the Globe Ransomware, the Crysis Ransomware or other RaaS or freeware families on the dark Web.

The INDRIK Ransomware's methodology does, however, resemble the standard operating procedure of a Ransomware-as-a-Service attack: after compromising a Windows machine, it searches for files and locks them by a mechanism that has not yet been analyzed. Most likely it encrypts each file individually with AES, possibly protecting the AES key with RSA; weaker schemes, such as a repeating-key XOR, also turn up in this category and are far easier to reverse. The INDRIK Ransomware also adds an 'INDRIK' extension (readers should note the all-capitals spelling, which is unusual) to each file name.

With the PC's files taken from their owner, the INDRIK Ransomware proceeds with the ransoming portion of its payload, which creates a local Web page. The page provides a victim ID, a deadline with a countdown timer, and instructions in poor English for contacting the threat actor. Malware experts advise against bargaining for a decryptor or paying the ransom. The criminal's offer of a 'free sample' decryption can at least confirm that a working decryptor exists, which is worth knowing, but it is no guarantee that paying will recover the rest.

Don't Take a Page from a Greedy Trojan

The INDRIK Ransomware's ransom note's warning of 'military grade' encryption isn't necessarily accurate; malware experts see almost identical claims circulating in completely different Trojans' campaigns. A file-locker Trojan's attacks may or may not be decryptable by the free tools available on the Web or by premium services from appropriate cyber-security organizations. Users should depend on remote backups for the easiest data restoration possible, but they can also contact a reputable anti-malware researcher for help with investigating the INDRIK Ransomware's encryption strength; an encrypted file together with an intact copy of the same file from a backup is the most useful thing to hand over.
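The two passages above leave the locking algorithm open (AES, RSA-wrapped keys, or something as weak as XOR) and recommend having a researcher assess its strength. The script below is an added illustration of the first checks such an assessment runs when one intact copy of a file (from a backup) and its encrypted twin are available; it is not code from the original write-up and does not describe INDRIK's real algorithm. All samples are constructed in the script: a fake PNG locked three ways, one with a 3-byte repeating XOR key, one with pseudo-random filler standing in for strong cipher output, and one where the locker skipped the first 64 bytes. The names, thresholds and key length bound are assumptions for the demo.

```python
import math
import random
from collections import Counter

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer. Strong ciphertext sits close to 8.0;
    low-entropy plaintext XORed with a short repeating key stays well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def repeating_xor_key(encrypted: bytes, known_prefix: bytes, max_len: int = 16):
    """Known-plaintext check. XORing the ciphertext with the original's first
    bytes yields the key stream; if that stream repeats with a short period,
    the 'encryption' is a repeating-key XOR and the key is returned. A period
    is only accepted when the known prefix covers at least two full repeats."""
    stream = bytes(c ^ p for c, p in zip(encrypted, known_prefix))
    for klen in range(1, max_len + 1):
        if 2 * klen > len(stream):
            break
        key = stream[:klen]
        if all(stream[i] == key[i % klen] for i in range(len(stream))):
            return key
    return None


def xor_transform(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; locking and unlocking are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def triage(encrypted: bytes, known_prefix: bytes) -> dict:
    """What one encrypted file plus its backup copy tells us before anyone
    considers paying: overall entropy, whether the locker left the header
    alone (so offset-0 known plaintext proves nothing), and any trivial key."""
    prefix_unchanged = encrypted[: len(known_prefix)] == known_prefix
    key = None if prefix_unchanged else repeating_xor_key(encrypted, known_prefix)
    return {
        "entropy": round(shannon_entropy(encrypted), 2),
        "prefix_unchanged": prefix_unchanged,
        "xor_key": key,  # non-None: recoverable without the criminal's decryptor
    }


def seeded_bytes(seed: int, n: int) -> bytes:
    """Deterministic pseudo-random filler standing in for real cipher output."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed samples (assumptions for this demo, not INDRIK artifacts):
# a small fake PNG with repetitive content, locked three different ways.
ORIGINAL = PNG_MAGIC + b"IHDR" + b"The quick brown fox jumps over the lazy dog. " * 400
KNOWN_PREFIX = ORIGINAL[:32]  # the part of the original a backup copy provides

WEAK_SAMPLE = xor_transform(ORIGINAL, b"\x5a\xa5\x13")                # 3-byte repeating XOR
STRONG_SAMPLE = seeded_bytes(7, len(ORIGINAL))                       # stands in for AES/RSA output
PARTIAL_SAMPLE = ORIGINAL[:64] + seeded_bytes(9, len(ORIGINAL) - 64)  # header skipped by the locker

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("strong", STRONG_SAMPLE), ("partial", PARTIAL_SAMPLE)):
        print(name, triage(sample, KNOWN_PREFIX))
    key = triage(WEAK_SAMPLE, KNOWN_PREFIX)["xor_key"]
    assert xor_transform(WEAK_SAMPLE, key) == ORIGINAL  # recovered without any decryptor
```

Entropy alone is not a verdict: a plaintext that already uses every byte value evenly would score near 8.0 even under XOR, which is why the known-plaintext check matters. The partial case shows the opposite trap, where an unchanged header makes a naive known-plaintext test "recover" an all-zero key; real lockers that skip or only encrypt the first few kilobytes of a file need the comparison run at the offset where the bytes start to differ.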

The dangers of following the recommendations on the INDRIK Ransomware's Web page include corrupting your files with a non-working decryption solution or, even more likely, losing the ransom permanently to a criminal who provides nothing in return. Users can protect their files in several ways, including backing them up to other devices (offline or offsite copies, since the Trojan may erase any backups it can reach), avoiding spam e-mail attachments, and disabling risky browser features such as Flash and Java. Most anti-malware tools should delete the INDRIK Ransomware safely, as malware experts don't anticipate any exceptional evasion or defense functions in threats of this category.

January is bringing many of the same problems for unprotected PCs as last year, including spyware and hostile data encryption. One's New Year's resolutions, ideally, should include what's best for your files, such as keeping a backup or two, as well as what's best for your person.
