
Litar Ransomware

Posted: July 1, 2019

The Litar Ransomware is a file-locking Trojan from the STOP Ransomware's Ransomware-as-a-Service family. RaaS Trojans are 'rented' out to third-party criminals, who update the distribution exploits and ransoming addresses while blocking the digital media of victims of their choice. Backups and anti-malware services are equally critical for mitigating damage and removing the Litar Ransomware securely.

The Next File-Drowning Wave on Asian Shores

The STOP Ransomware's procession of file-encrypting operations against Asian nations continues, and even the newest releases from its group show a similar geographical predisposition. The Litar Ransomware, a recently-found sample of the Ransomware-as-a-Service business, is verifiably attacking victims in Indonesia, India, and at least one other country with the usual means: encrypting files and delivering ransom notes that offer a decryptor. Malware researchers can't confirm any other details about how the Litar Ransomware might be spreading or where it's targeting, and its name is a reference to a string that may have numerous potential origins.

The Litar Ransomware's name comes from its symptom of appending 'litar' extensions to any files that it encrypts and locks, just like the Nusar Ransomware, the Davda Ransomware, the Dotmap Ransomware or the Muslat Ransomware – all of which are relatives. Besides potentially downloading other threats, most notoriously a password-collecting program, the Litar Ransomware uses AES encryption for blocking JPG pictures, DOC documents, and other media formats in multiple locations. Environments without Internet connectivity may prevent the Litar Ransomware from using its ideal encryption method, but the Trojan does have a built-in alternative.

The Litar Ransomware infections can also remove the user's Shadow Volume Copies, which are mandatory for recovering through a Restore Point, and leave a TXT ransom note for the victims. These ransoming messages offer a decryption service at a price, although users risk not getting anything in return for their payment. Most file-ransoming negotiations occur solely through cryptocurrencies with limited refund options.
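For scoping a restore from backup, the appended 'litar' extension described above can be used to inventory what was locked. The following is an added example, not code from the original article or from any vendor tool; the function names and the sample file tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path


def inventory_locked_files(root, locked_ext="litar"):
    """Walk root and summarise files that carry the appended extension."""
    suffix = "." + locked_ext.lower().lstrip(".")
    by_type = Counter()  # original extension -> number of locked files
    by_dir = Counter()   # directory -> number of locked files
    originals = []       # (locked path, file name to look for in the backup)
    # os.walk skips unreadable directories by default, so one bad ACL
    # does not abort the whole inventory.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Match case-insensitively; ignore a file named only ".litar".
            if not name.lower().endswith(suffix) or len(name) == len(suffix):
                continue
            original = name[: -len(suffix)]  # "a.jpg.litar" -> "a.jpg"
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            by_dir[dirpath] += 1
            originals.append((os.path.join(dirpath, name), original))
    return {"total": len(originals), "by_type": by_type,
            "by_dir": by_dir, "originals": originals}


def build_sample_tree(base):
    """Constructed sample data: empty files named as the article describes."""
    names = ["docs/report.doc.litar", "docs/notes.txt",
             "pics/a.jpg.litar", "pics/b.JPG.LITAR", "pics/c.jpg"]
    for rel in names:
        path = Path(base, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory_locked_files(tmp)
        print("locked files:", report["total"])
        for ext, count in report["by_type"].most_common():
            print(f"  {ext}: {count}")
        for folder, count in report["by_dir"].most_common():
            print(f"  {folder}: {count}")
```

The script only reads file names, so it can be run against a mounted image of the affected disk; passing a different `locked_ext` covers relatives that append their own extension.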

A Levee for Containing the Rush of Ransoming Trojans

All of the attributes that the Litar Ransomware expresses in its campaign are archetypal of the STOP Ransomware family, even including its cross-border distribution at a relatively quick rate. Torrents and pirated product-related downloads are among the more popular methods of distributing these threats. On the other hand, malware experts recommend that server administrators take other precautions besides avoiding unsafe downloads, including turning RDP features off, using sophisticated passwords and 2FA, and updating all software.

Decryption solutions for the Litar Ransomware's family are present but sharply restricted by the form of encryption that the Trojans use. Some victims may recover through public decryption software made specifically for the STOP Ransomware, but any attack that uses a dynamic key is secure against this recovery option. Hence, all users should be sure to keep backups of any work in another place, instead of just on a single, vulnerable PC.

Anti-malware products of nearly all brands can identify STOP Ransomware's variants, despite its frequent updates. To remove the Litar Ransomware comprehensively, disable your Internet connection and reboot through Safe Mode before scanning the system with the anti-malware solution of your choice.

As little time as setting up an automatic backup requires, some users think they can do without it. The Litar Ransomware, and file-locking Trojans like it, are proving otherwise.
