
Isolated Ransomware

Posted: July 4, 2019

The Isolated Ransomware is a file-locking Trojan from the family known either as the Aurora Ransomware or the OneKeyLocker Ransomware. It uses encryption to keep files from opening, flags their names with an extra extension, and creates text messages asking for Bitcoin ransoms. Users can avail themselves of free decryption services if they need them, and of anti-malware tools for removing the Isolated Ransomware safely.

A Data Isolationist at Work

A new variant of an old Trojan is hiding as a fake installer for Oracle's Java software while proceeding with attacks that keep your files from opening. This file-locking Trojan's executable uses a relatively thin disguise of 'Java' for its name, without the backing of a digital certificate or much obfuscation. Like other members of the Aurora Ransomware family, though, the Isolated Ransomware's payload is a direct danger to the victim's data.

The Isolated Ransomware's family of Trojans, which also has variants like the AnimusLocker Ransomware, the '.cryptoid File Extension' Ransomware, the CryptoID Ransomware, and the Japan-themed Desu Ransomware, most often targets vulnerable Web servers through their RDP settings. After gaining access through that Remote Desktop Protocol feature, the criminal drops and runs the Isolated Ransomware or one of its relatives. The Trojan then encrypts local media (databases, documents, etc.), using algorithms such as XTEA, RSA and DES.

The Isolated Ransomware's addition of the 'isolated' extension to the filename is one of the few changes that make it any different from the previous variants. It also uses the traditional text message template for the Aurora Ransomware, which demands a ransom paid to its Bitcoin wallet. Malware experts can confirm no current activity in the Isolated Ransomware's address, and it may not be in deployment yet.

Rescuing Your Server's Contents from Extreme Isolation

Users who pay the ransom for the Isolated Ransomware are doing so for no good reason since the free decryption service for Aurora Ransomware is compatible with all known versions of this threat. However, encryption isn't always so undoable, and malware experts recommend against assuming that decryption is available for every kind of file-locking Trojan. A well-maintained backup strategy is one of the best defenses that website admins and all users, in general, can possess against any threats of the Isolated Ransomware's classification.

Admins also can improve their server's defenses by turning RDP off when it's unused. If that's impossible, you can secure the feature with unique passwords, update all software for cutting down on security flaws, use restrictive firewall rules and implement NLA.
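
As an added example (not part of the original article), the following read-only PowerShell audit checks the RDP settings named above: whether RDP is turned off, whether NLA is required, and whether any firewall rule allows RDP from any address. It assumes a Windows server with the built-in NetSecurity module, an elevated session, and the English 'Remote Desktop' firewall rule group name; the finding labels are constructed for this example.

```powershell
# Added example: read-only audit of RDP exposure. It changes nothing on the host.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

# fDenyTSConnections = 1 means Remote Desktop connections are refused (RDP off).
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$rdpDisabled = ($deny -eq 1)

# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$ua = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
$nlaRequired = ($ua -eq 1)

# Enabled inbound allow rules in the "Remote Desktop" group (assumption: English
# display name) whose remote address scope is 'Any', i.e. not restricted.
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

$unrestricted = @(foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') { $rule.DisplayName }
})

# Collect findings; the labels are constructed for this example.
$findings = @()
if (-not $rdpDisabled) {
    $findings += 'RDP is enabled: turn it off if it is unused'
    if (-not $nlaRequired)       { $findings += 'NLA is not required for RDP connections' }
    if ($unrestricted.Count -gt 0) {
        $findings += "Firewall allows RDP from any address: $($unrestricted -join ', ')"
    }
}

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    RdpDisabled       = $rdpDisabled
    NlaRequired       = $nlaRequired
    UnrestrictedRules = $unrestricted
    Findings          = $findings
}
```

An empty `Findings` list means RDP is either off or is on with NLA required and no allow-from-anywhere firewall rule; password quality and patch level still need separate review.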

Four out of seven AV vendors are identifying the Isolated Ransomware, with the majority of detections being generic. However, this Trojan has limited protection against its removal by security products, and any thorough anti-malware scan should eliminate the Isolated Ransomware, along with other threats.

Malware experts don't see many versions of the Aurora Ransomware. With the Isolated Ransomware, the reasoning for this becomes more apparent than ever: criminals have to hope that their victims won't find obvious, online solutions to their problems.
