INFOWAIT Ransomware

Posted: November 20, 2018

INFOWAIT Ransomware Description

The INFOWAIT Ransomware is a part of the STOP Ransomware family of file-locking Trojans. The INFOWAIT Ransomware may lock different media files on your PC with unbreakable AES and RSA encryption, as well as create messages asking for money for the decryptor. Use backups for recovering your work only after uninstalling the INFOWAIT Ransomware with a trusted anti-malware product, which prevents any additional encryption of data.

A Trojan Family Making You Wait at Their Leisure

The latest variant of the STOP Ransomware family, which uses features very similar to those of the Crysis Ransomware's Ransomware-as-a-Service business, is receiving preliminary analysis after a sample's identification, courtesy of a researcher from ADC-Soft. The INFOWAIT Ransomware is nearly identical to a past member, the DATASTOP Ransomware, which, at first, was suspected of being independent. The similarities between these threats and other STOP Ransomware releases, like the INFOWAIT Ransomware and the DataWait Ransomware, make it clear that threat actors can increasingly make some profit from their campaigns.

The INFOWAIT Ransomware and other members of its family use AES encryption for locking documents, databases, Excel spreadsheets, images and other media formats. They also secure that encryption with a second layer of RSA, which prevents security researchers from easily decrypting any content. The current version of the INFOWAIT Ransomware that malware experts have available disguises itself as a software update to hide on Windows systems, but its infection strategy may use a different tactic or disguise.

Besides the extension that it shares with the DATASTOP Ransomware, the INFOWAIT Ransomware also uses the same address for negotiating as the 'savefiles@india.com' Ransomware, which narrows down the identity of the threat actors significantly. Users can find details of the ransoming instructions with these credentials in a text file, although malware experts recommend against paying. It's not yet known whether the use of a new file-locker Trojan indicates that the prior campaign is no longer active or is having issues with avoiding current AV services.

Stopping Trojans Before They can Stop Your File

Some Ransomware-as-a-Service families use low-sophistication infection tactics, such as distributing 'free' downloads of premium products over torrent networks or corrupted websites. In general, however, malware experts see the following vulnerabilities as being more likely to lead to INFOWAIT Ransomware infections and attacks:

  • Short and low-complexity passwords can put your logins at risk of compromise from a brute-force attack. Server admin accounts are at high risk from these attacks, which can end with the installation of a file-locking Trojan like the INFOWAIT Ransomware.
  • Spam e-mail is a second, popular strategy for compromising victims, such as business employees using network-accessible systems. The accompanying Trojan dropper often disguises itself as a work memo, an invoice, an automatic notice from office hardware or a news article.
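For the brute-force risk in the first item, the following is an added example, not part of the original article, of how a defender could flag password-guessing bursts against admin accounts in logon records. It assumes Windows Security event IDs 4625 (failed logon) and 4624 (successful logon) exported to a simple CSV layout; the layout, the sample records, the threshold and the time window are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: time, Windows Security event ID, account, source IP.
# 4625 = failed logon, 4624 = successful logon. IPs are documentation ranges.
SAMPLE_EVENTS = """\
2018-11-20T01:00:00,4625,Administrator,192.0.2.50
2018-11-20T02:00:00,4625,Administrator,192.0.2.50
2018-11-20T02:10:01,4625,Administrator,203.0.113.7
2018-11-20T02:10:06,4625,Administrator,203.0.113.7
2018-11-20T02:10:11,4625,Administrator,203.0.113.7
2018-11-20T02:10:16,4625,Administrator,203.0.113.7
2018-11-20T02:10:40,4624,Administrator,203.0.113.7
2018-11-20T03:00:00,4625,Administrator,192.0.2.50
2018-11-20T04:00:00,4625,Administrator,192.0.2.50
2018-11-20T09:01:10,4625,jsmith,198.51.100.23
2018-11-20T09:01:25,4625,jsmith,198.51.100.23
2018-11-20T09:01:40,4624,jsmith,198.51.100.23
2018-11-20T11:30:00,4625,backup_admin,203.0.113.99
2018-11-20T11:30:10,4625,backup_admin,203.0.113.99
2018-11-20T11:30:20,4625,backup_admin,203.0.113.99
2018-11-20T11:30:30,4625,backup_admin,203.0.113.99
"""

def parse_events(text):
    rows = (line.split(",") for line in text.strip().splitlines())
    return [(datetime.fromisoformat(ts), int(eid), acct, src) for ts, eid, acct, src in rows]

def find_bruteforce(events, threshold=4, window=timedelta(minutes=5)):
    """Flag (account, source) pairs with >= threshold failed logons inside the
    window, and note whether a successful logon from that source followed."""
    recent = defaultdict(list)          # (account, source) -> failure times in window
    alerts = {}
    for ts, event_id, account, src in sorted(events):
        key = (account, src)
        if event_id == 4625:
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold:
                alert = alerts.setdefault(key, {"failures": 0, "success_after": False})
                alert["failures"] = max(alert["failures"], len(recent[key]))
        elif event_id == 4624 and key in alerts:
            alerts[key]["success_after"] = True
    return alerts

if __name__ == "__main__":
    for (account, src), info in find_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(account, src, info)
```

A burst followed by a success from the same source is the case to treat as a probable account compromise; the slow, hourly failures and the user who mistyped twice stay below the threshold.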

Some infection vectors could allow the INFOWAIT Ransomware's installation to occur without your consent because the threat actor has backdoor access, while others use exploits and other threats for installing it in a series of hidden, background processes. However, as long as they're not disabled, most anti-malware programs should delete the INFOWAIT Ransomware before it begins a data-encrypting attack.

Malware researchers hope to see fewer members of the STOP Ransomware family in the future. Nonetheless, any reductions in the profit of Trojans like the INFOWAIT Ransomware require victims to take better care of their files, backups, and software updates than previously.
