INFOWAIT Ransomware

Posted: November 20, 2018

The INFOWAIT Ransomware is a part of the STOP Ransomware family of file-locking Trojans. The INFOWAIT Ransomware may lock different media files on your PC with unbreakable AES and RSA encryption, as well as create messages asking for money for the decryptor. To prevent any additional encryption of data, use backups for recovering your work only after uninstalling the INFOWAIT Ransomware with a trusted anti-malware product.

A Trojan Family Making You Wait at Their Leisure

The latest variant of the STOP Ransomware family, which uses features very similar to those of the Crysis Ransomware's Ransomware-as-a-Service business, is receiving preliminary analysis after a sample's identification, courtesy of a researcher from ADC-Soft. The INFOWAIT Ransomware is nearly identical to a past member, the DATASTOP Ransomware, which, at first, was suspected of being independent. The similarities between these threats and other STOP Ransomware releases, like the INFOWAIT Ransomware and the DataWait Ransomware, make it clear that threat actors can increasingly make some profit from their campaigns.

The INFOWAIT Ransomware and other members of its family use AES encryption for locking documents, databases, Excel spreadsheets, images and other media formats. They also secure it with a second layer of RSA that prevents security researchers from easily decrypting any content. The current version of the INFOWAIT Ransomware that malware experts have available pretends to be a software update for hiding on Windows systems, but its infection strategy may use a different tactic or disguise.

Besides the extension that it shares with the DATASTOP Ransomware, the INFOWAIT Ransomware also uses the same address for negotiating as the 'savefiles@india.com' Ransomware, which narrows down the identity of the threat actors significantly. Users can find details of the ransoming instructions with these credentials in a text file, although malware experts recommend against paying. It's not yet known if the use of a new file-locker Trojan indicates that the prior campaign is no longer active or is suffering issues with avoiding current AV services.

Stopping Trojans Before They Can Stop Your File

Some Ransomware-as-a-Service families use low-sophistication infection tactics, such as distributing 'free' downloads of premium products over torrent networks or corrupted websites. In general, however, malware experts see the following vulnerabilities as being more likely to lead to the INFOWAIT Ransomware infections and attacks:

  • Short and low-complexity passwords can put your logins at risk of compromise from a brute-force attack. Server admin accounts are at high risk from these attacks, which can install a file-locking Trojan like the INFOWAIT Ransomware.
  • Spam e-mail is a second, popular strategy for compromising victims, such as business employees using network-accessible systems. The accompanying Trojan dropper often disguises itself as a work memo, an invoice, an automatic notice from office hardware or a news article.

Some infection vectors could allow the INFOWAIT Ransomware's installation to occur without your consent through the threat actor's backdoor access, while others use exploits and other threats for installing it in a series of hidden, background processes. However, as long as they're not disabled, most anti-malware programs should delete the INFOWAIT Ransomware before it begins a data-encrypting attack.

Malware researchers hope to see fewer members of the STOP Ransomware family in the future. Nonetheless, any reduction in the profit of Trojans like the INFOWAIT Ransomware requires victims to take better care of their files, backups, and software updates than previously.