
LANDSLIDE Ransomware

Posted: December 10, 2020

The LANDSLIDE Ransomware is a file-locking Trojan with no known family. Besides blocking files with encryption, it delivers ransom demands through a pop-up and a text file and appends its extension, along with the attacker's contact and ID information, to the names of the files it encrypts. A secure, off-site backup remains the most practical recovery resource for Windows users, with PC security products handling the removal of the LANDSLIDE Ransomware itself.

Trojans Sliding Onto Files from Out of Nowhere

Although Ransomware-as-a-Service operations hold a large share of the Dark Web's black market, file-locking Trojans with no known business connections are just as viable a threat. The LANDSLIDE Ransomware, a Windows Trojan, shows that established families like the Djvu Ransomware and the Scarab Ransomware face competition for ransom payments from independent, seemingly one-off projects. Its attack methods are conventional, but the LANDSLIDE Ransomware adds a few stylistic touches that make it more memorable than most file-locking Trojans.

The LANDSLIDE Ransomware is a Windows program that implements a standard encryption routine for 'locking' files so that they no longer open. As is typical of this class of Trojan, the attack usually is irreversible without the key or decryption tool that the attacker withholds while demanding a ransom. The LANDSLIDE Ransomware also appends a Gmail address, an ID, and the string 'LANDSLIDE' to each file's name as extensions, a naming pattern that malware experts often (but not exclusively) associate with Ransomware-as-a-Service families.
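A responder's first task after an incident like this is to inventory which files were renamed and whether they all carry the same contact address and ID (one infection) or several (multiple actors or re-infections). The following Python triage helper is an added example, not code from the page or from any analysis of the sample: the page states only that a Gmail address, an ID and 'LANDSLIDE' are appended as extensions, so the delimiters (a '.' between segments, optional square brackets around the address or ID) and the order of the segments are assumptions, and the parser is deliberately order-insensitive. The sample file names are constructed for the demonstration.

```python
import os
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Marker string the page reports being appended to encrypted files' names.
MARKER = "LANDSLIDE"
# Assumption: the appended address is matched without dots in its local part
# (Gmail ignores them anyway), so the regex cannot swallow the original name.
GMAIL_RE = re.compile(r"[A-Za-z0-9_%+-]+@gmail\.com", re.IGNORECASE)
_EMAIL_TOKEN = "\x00EMAIL\x00"  # dot-free stand-in for the address while splitting


@dataclass
class LandslideName:
    original_name: str
    contact_email: str
    victim_id: Optional[str]


def _strip_brackets(seg: str) -> str:
    return seg.strip("[](){}")


def parse_landslide_name(filename: str) -> Optional[LandslideName]:
    """Return the parsed components if the name looks LANDSLIDE-renamed, else None.

    Order-insensitive: the address is located by regex, then every '.'-separated
    segment from the first appended marker onward (the address, the LANDSLIDE
    string, or a bracketed token, assumed to be the ID) is treated as attacker-added.
    """
    m = GMAIL_RE.search(filename)
    if m is None:
        return None
    email = m.group(0)
    work = filename[:m.start()] + _EMAIL_TOKEN + filename[m.end():]
    segments = work.split(".")

    def is_marker(seg: str) -> bool:
        core = _strip_brackets(seg)
        return core == _EMAIL_TOKEN or core.upper() == MARKER

    if not any(_strip_brackets(s).upper() == MARKER for s in segments):
        return None  # an address alone is not evidence of this Trojan

    first = next(i for i, s in enumerate(segments)
                 if is_marker(s) or (s.startswith("[") and s.endswith("]")))
    original = ".".join(segments[:first])
    ids = [_strip_brackets(s) for s in segments[first:]
           if not is_marker(s) and _strip_brackets(s)]
    return LandslideName(original, email, ids[0] if ids else None)


def inventory(names: Iterable[str]) -> Dict[str, List[LandslideName]]:
    """Group hits by 'email|id' so a responder sees whether one infection renamed everything."""
    groups: Dict[str, List[LandslideName]] = defaultdict(list)
    for name in names:
        parsed = parse_landslide_name(name)
        if parsed is not None:
            groups[f"{parsed.contact_email}|{parsed.victim_id or '-'}"].append(parsed)
    return dict(groups)


def scan_directory(root: str) -> Dict[str, List[LandslideName]]:
    """Walk a real tree (e.g. a mounted image of the victim's disk) and inventory renamed files."""
    return inventory(f for _, _, files in os.walk(root) for f in files)


# Constructed sample names covering several plausible segment orders.
SAMPLE_NAMES = [
    "report.xlsx.[someone@gmail.com].[A1B2C3D4].LANDSLIDE",
    "photo.jpg.LANDSLIDE.[other@gmail.com].7F3E9A21",
    "backup.tar.gz.[id-9001].[someone@gmail.com].LANDSLIDE",
    "data.[someone@gmail.com].LANDSLIDE",
    "invoice.pdf.[someone@gmail.com]",   # address but no marker: not counted
    "notes.txt",
]

if __name__ == "__main__":
    for key, hits in inventory(SAMPLE_NAMES).items():
        print(key)
        for h in hits:
            print("   ", h.original_name)
```

Point `scan_directory()` at a mounted forensic image rather than a live infected host; grouping by address and ID is what tells you whether restoring from a single backup set will cover every encrypted file.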

The ransom note arrives both as an HTA pop-up and as a plain text file, and it says something about the attacker's motives and, possibly, background. The note uses a heavily-stylized layout reminiscent of an account login prompt or a programming function, and it offers to decrypt a sample file for free 'to build trust.' The LANDSLIDE Ransomware demands an unspecified amount of Bitcoin for restoration and refers to Russian rubles as an example, even though the note is written in English.

Russia is a recurring theme in file-locker campaigns, whether as the territory targeted or as the threat actor's base of operations, as in families like the Scarab Ransomware. It is plausible that the LANDSLIDE Ransomware spreads through infection vectors popular in that region, such as torrent downloads, but malware analysts caution that it can harm Windows users' files almost anywhere in the world.

Ducking Out of Negotiations with Shaky Trust

Malware experts have not confirmed any case of the LANDSLIDE Ransomware deleting the Restore Points, so this could be one of the few infections where victims retain a built-in recovery option. Victims should verify that before counting on it, since many file-lockers wipe the Volume Shadow Copies that Restore Points depend on, and most Windows users should keep backups on other devices for a more dependable restoration path. The encryption used by file-locker Trojans usually is secure against third parties, although further analysis of the LANDSLIDE Ransomware may reveal currently-undiscovered weaknesses in its locking method.

For home users, avoiding illegal, unofficial, and unverified download sources will sidestep many of the bundles, Exploit Kits, and other packages that Trojans rely on for distribution. Administrators, on the other hand, bear the burden of updating server software, choosing strong passwords, and restricting exposure of RDP to unauthorized users. In some attacks, threat actors even tailor their Trojan-delivering files to the target, for instance by imitating a coworker's correspondence or industry-specific news articles.

Because the samples are new and unrelated to any well-known family, threat databases may need tuning before they identify this Trojan correctly. Malware researchers recommend that users keep their anti-malware services updated, retain samples for interested researchers, and let appropriate security products remove the LANDSLIDE Ransomware whenever possible.

As its warning message states so enthusiastically, the LANDSLIDE Ransomware may attack single computers and business servers with equal impunity. Rather than paying a ransom to this unidentified, possibly Russian-speaking threat actor, victims should have better recovery options in hand.
