
InfoDot Ransomware

Posted: October 23, 2019

The InfoDot Ransomware is a file-locking Trojan with no known family or Ransomware-as-a-Service business behind it. Its attacks nevertheless resemble those of most Trojans in the category: it encrypts the victim's digital media to block access to it, changes the filenames and drops ransom messages. Users should keep a secure backup as the best alternative to decryption and keep anti-malware services active to remove the InfoDot Ransomware whenever it appears.

The Smallest Dots of Information on New Trojans

File-locking Trojans usually coincide with Black Market RaaS businesses or the widespread release of 'free' code, such as Hidden Tear. Some exceptions buck that trend, and the InfoDot Ransomware is one of them. This file-locking Trojan has no known connection to the thousands that came before it, yet it is every bit as threatening. Its targets are the text documents, pictures and other media of Windows users.

The InfoDot Ransomware targets Windows environments and has been actively attacking targets as of late October. Although malware researchers have limited leads on its infection routes, threat actors may circulate it via torrents, e-mail attachments or browser Exploit Kits, or by brute-forcing a target's login credentials. Like most file-locker Trojans, the InfoDot Ransomware uses a combination of AES and RSA algorithms, in this case AES-256 in CBC mode with RSA-2048 keys. In this usual arrangement, AES encrypts the file contents and RSA protects the AES key, so that only the holder of the matching RSA private key can release the files.
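As an added illustration of the AES-and-RSA combination described above (example code written for this page, not the Trojan's own code or file format), the Go program below locks a file with a fresh AES-256-CBC key per file and wraps that key under an RSA-2048 public key, then shows that only the matching private key can reverse it. The container layout, the choice of OAEP as the RSA padding, the function names and the sample document are all assumptions of the example; the page does not document the real sample's internals.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// LockedFile is what a hybrid-scheme locker leaves on disk in place of the
// original. The layout (and OAEP as the RSA padding) is this example's own
// assumption; the real sample's container format is not documented here.
type LockedFile struct {
	WrappedKey []byte // per-file AES-256 key, encrypted under the attacker's RSA-2048 public key
	IV         []byte // 16-byte CBC initialisation vector
	Ciphertext []byte // PKCS#7-padded file contents under AES-256-CBC
}

func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(b, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block-aligned")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// LockFile encrypts one file the way the article describes the scheme: a
// fresh random AES-256 key per file, CBC mode, and that key wrapped with
// RSA-2048. Only the public half of the RSA pair has to travel with the sample.
func LockFile(pub *rsa.PublicKey, plaintext []byte) (*LockedFile, error) {
	key := make([]byte, 32)
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &LockedFile{WrappedKey: wrapped, IV: iv, Ciphertext: ct}, nil
}

// UnlockFile is the step only the RSA private-key holder can perform, which
// is why neither the victim nor a researcher can recover files from the sample.
func UnlockFile(priv *rsa.PrivateKey, lf *LockedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, lf.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping file key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(lf.Ciphertext)%aes.BlockSize != 0 || len(lf.IV) != aes.BlockSize {
		return nil, errors.New("malformed locked file")
	}
	pt := make([]byte, len(lf.Ciphertext))
	cipher.NewCBCDecrypter(block, lf.IV).CryptBlocks(pt, lf.Ciphertext)
	return pkcs7Unpad(pt)
}

func main() {
	// Constructed sample: the attacker's key pair and one victim document.
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc := []byte("Q3 invoices (constructed sample document)")
	locked, _ := LockFile(&attacker.PublicKey, doc)
	got, err := UnlockFile(attacker, locked)
	fmt.Printf("attacker's key recovers the file: %v (err=%v)\n", bytes.Equal(got, doc), err)
	// Any other RSA-2048 key, however freshly generated, cannot unwrap the file key.
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = UnlockFile(other, locked)
	fmt.Printf("unrelated key fails: %v\n", err != nil)
}
```

Two practitioner notes follow from running it. First, the sample carries nothing a victim can use: the public key wraps, the private key unwraps, and a freshly generated key fails at the OAEP unwrapping step before AES is ever touched. Second, CBC mode gives no integrity, so a wrong or damaged AES key shows up only as a padding failure or as silent garbage, which is one reason a botched decryption tool can leave files unrecoverable even after payment.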

This encryption method effectively 'locks' files on the computer, such as work documents, and the InfoDot Ransomware also appends its extension and the attacker's e-mail addresses to their names. The program supplements this with an HTML ransom note in English. Malware experts generally recommend against paying ransoms, and especially so in this case: the InfoDot Ransomware's threat actor offers a decryption service, but the instructions and software provided contain problems that prevent any media recovery.

Putting the Pieces of Information Safely Together

Tracking the 'dots' of information that the InfoDot Ransomware's attacks leave behind shows a preference for corporate or vulnerable smaller-business victims who can afford to hire security-sector resources for data recovery. Unfortunately, no amount of money thrown at the problem can make the InfoDot Ransomware's OpenSSL-based encryption any less secure. To date, at least two victims have paid the ransom into the InfoDot Ransomware's Bitcoin wallet, but malware researchers see no evidence of a successful unlocking.

Although it is less obvious to victims, the InfoDot Ransomware includes features beyond the encryption-and-ransom combination. It also launches the Windows command prompt (CMD), through which it can issue various system commands, including deleting files. Less commonly, it invokes Taskkill, which could let the InfoDot Ransomware terminate other programs' processes at will.

Detection of the InfoDot Ransomware's current samples is poor, with roughly half of anti-malware engines missing them, but time should improve the security industry's coverage of this Trojan. Update your anti-malware services routinely so that they can remove the InfoDot Ransomware as early as possible, before any files are encrypted.

The InfoDot Ransomware is unique in a few ways but a cliché in others. It is always worth keeping an eye on what independent threat actors, and their equally custom Trojans, are doing, since their profits mean other people's misery.
