Legend Ransomware

Posted: December 18, 2020

The Legend Ransomware is a file-locking Trojan from the VoidCrypt Ransomware family that blocks the user's files to extort a ransom. Along with using encryption to make files unopenable, the Legend Ransomware can create ransom notes in HTA format, stop some file-managing programs and change the extensions on files' names. Users should protect their work with appropriate backup standards and let a dedicated security solution remove the Legend Ransomware promptly.

A Legend of Software in No One's Mind

With the VoidCrypt Ransomware family's continuing growth, Windows users, and server admins especially, need daily diligence in backing up their work to keep it from being taken as a digital hostage. This file-locker Trojan family adds members at a steady rate, as seen with samples like the Decme Ransomware, the Exploit Ransomware, the K2 Ransomware, the Konx Ransomware and more. The Legend Ransomware is recent confirmation, as of December 16th, that the Trojan's group thrives, even in the highly competitive Ransomware-as-a-Service scene.

The most apparent symptom of a Legend Ransomware infection is being unable to open files, such as documents, which the Trojan blocks by encrypting them with an algorithm that is, unfortunately, secure. Secondarily, victims can observe new extensions on their files. Malware experts verify that these extensions stick to the VoidCrypt Ransomware pattern of an e-mail (for speaking with the attacker), an ID and a campaign phrase ('legend'). Less obvious than either of these issues, but still concerning, is that the Legend Ransomware also may disable programs without the user's consent, a feature that it abuses to shut off SQL server-managing software.
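As an added example (not code from the original article or from any vendor tool), the following Python sketch scopes an incident from a plain file listing by picking out names that carry all three extension parts described above. The bracketed layout `<original>.[e-mail][ID].legend`, the helper names and the sample paths are assumptions constructed for illustration; the article names the three parts but not their exact layout.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

CAMPAIGN = "legend"  # campaign phrase named in the article

# Assumed layout (not given in the article): <original>.[<e-mail>][<ID>].<campaign>
MARKER_RE = re.compile(
    r"^(?P<original>.+)\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]"
    r"\[(?P<victim_id>[^\[\]\s]+)\]\.(?P<campaign>[A-Za-z0-9]+)$"
)

def parse_marker(path):
    """Return the original name, contact e-mail and ID, or None if not renamed."""
    name = PureWindowsPath(path).name  # parses Windows paths on any host OS
    m = MARKER_RE.match(name)
    if m is None or m["campaign"].lower() != CAMPAIGN:
        return None
    return {"original": m["original"], "email": m["email"],
            "victim_id": m["victim_id"]}

def scope_listing(paths):
    """Summarise a listing: renamed files per folder, plus contacts and IDs seen."""
    per_dir, emails, ids = Counter(), set(), set()
    for p in paths:
        hit = parse_marker(p)
        if hit is None:
            continue  # untouched file, or a name that merely contains 'legend'
        per_dir[str(PureWindowsPath(p).parent)] += 1
        emails.add(hit["email"])
        ids.add(hit["victim_id"])
    return {"per_dir": dict(per_dir), "emails": sorted(emails),
            "victim_ids": sorted(ids)}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"D:\Shares\Finance\q3.xlsx.[contact@example.invalid][A1B2C3D4E5F6].legend",
    r"D:\Shares\Finance\q4.xlsx.[contact@example.invalid][A1B2C3D4E5F6].Legend",
    r"D:\Shares\HR\roster.docx.[contact@example.invalid][A1B2C3D4E5F6].legend",
    r"D:\Shares\HR\legend.txt",   # benign: phrase in the name, no marker
    r"D:\Shares\HR\map.legend",   # benign: phrase as extension, no e-mail or ID
]

if __name__ == "__main__":
    print(scope_listing(SAMPLE))
```

Requiring all three parts keeps ordinary files that happen to contain the word "legend" out of the count, and the per-folder totals show which shares need restoring from backup first.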

Most VoidCrypt Ransomware versions also create a standardized HTA (advanced HTML) window that serves as a ransom note. The Legend Ransomware continues this stereotype, with few updates besides the e-mail addresses and victim ID string. As long as they have other means of unlocking or restoring their files, users should avoid paying these ransoms, since payment incentivizes more threat development.

Raising Legendary Defenses for Copy-Pasted Trojan Assaults

There are no definite infection vector samples for the Legend Ransomware's campaign. It may use exploits that vary from drive-by-downloads on corrupted websites to crafted e-mail attachments custom-made for the target. Server and network administrators also should keep in mind the possibility of 'passive' vulnerabilities, such as outdated software or weak passwords, that can lead to attacks. File-locking Trojans' campaigns usually will target entities, either private or public, with low security standards that make for easy ransoming.

Victims have no free decryptors available for unlocking their files directly. As this holds for most file-locker Trojan families, malware analysts strongly endorse preemptive backup standards, such as saving backups to air-gap-protected devices or cloud storage with password protection. These precautions can offer a more dependable – and cheaper – recovery option for any files than paying the Legend Ransomware's ransom.

This threat belongs to a well-known and thoroughly analyzed family with little protection against security software. Most AV vendors provide products capable of removing the Legend Ransomware or blocking its installation exploits.

The Legend Ransomware does little to live up to its name, but such is the usual story with 'free' Trojans from GitHub. What's inexpensive for criminals can be just the opposite for a victim, though, which is why a daily backup remains valuable for everyone.