
LittleFinger Ransomware

Posted: May 31, 2018

The LittleFinger Ransomware is a file-locker Trojan that may block different digital media types, such as pictures, spreadsheets or documents, by encrypting them. Its attacks also include Windows console pop-ups for delivering its ransoming demands. Having backups on another device can mitigate any non-consensual encryption damage, and most anti-malware programs should detect and delete the LittleFinger Ransomware promptly without requiring any additional intervention.

Trojans Giving Your Files the Finger

It looks like threat actors are either deploying or readying another campaign for locking files in return for money. The Trojan is using what could be the basis of Hidden Tear's 'freeware' code but otherwise has a semi-unique infrastructure and ransoming methods that show little to no sign of any relationship with older ones. How this threat, the LittleFinger Ransomware, encrypts data has yet to be confirmed, although malware experts rate AES-256 as the most likely technique.

The LittleFinger Ransomware campaign's installation executable pretends to be a product of HP, which could circulate on compromised advertising networks or corrupted freeware websites. While malware experts have yet to note any live cases of infection scenarios, the LittleFinger Ransomware's payload includes the standard features of a file-locking threat, such as searching for media in different folders according to their formats, encrypting them, and adding an internal 'file marker.'

The LittleFinger Ransomware doesn't use the Notepad, HTML, or HTA-style ransoming messages of most file-locker Trojans, but does display a Windows text console pop-up. The contents show a 'fingerprint' ID, a 0.01 Bitcoin ransom demand with a working wallet address, and an e-mail for contacting the threat actor and receiving the decryption tool. The low cost of the ransom (under one hundred in USD value) suggests that the LittleFinger Ransomware's campaign is not targeting businesses, NGOs or government systems, although malware experts still recommend against paying.

Taking Small Hands Off Your Media

With file-locking Trojans operating on small-scale profit margins, malware researchers find the threat in question more likely than usual to use erratic distribution exploits, such as torrents and bundling with downloads on fake freeware sites. However, the LittleFinger Ransomware also could compromise a Windows PC after gaining access through a brute-force attack that cracks a weak password, employ the drive-by-download capabilities of exploit kits (EKs) like the Nebula Exploit Kit, or abuse spam e-mails.

In all infection scenarios, having backups saved to another device is an essential security step for keeping your files safe from ransoming scenarios, including both encryption and potential deletion. Because some versions of Hidden Tear are vulnerable to free decryptors, victims without any backups should speak with a trusted anti-malware researcher to explore other solutions. However, adequate protection by anti-malware programs should delete the LittleFinger Ransomware before its payload runs.
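For deciding which files need restoring from backup, the following added example (not from the original article or any vendor tool) flags files whose leading bytes no longer match the format signature for their extension and whose content is near-random. The signature table, the 7.0 bits-per-byte threshold and the function names are assumptions of this example; the article does not document the LittleFinger Ransomware's file marker, so the check relies only on generic properties of encrypted data.

```python
import math
from pathlib import Path

# Leading "magic" bytes for the kinds of media the article names (assumed table).
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
    ".doc": [b"\xd0\xcf\x11\xe0"],
    ".xls": [b"\xd0\xcf\x11\xe0"],
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; assumed cut-off for "near-random"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def looks_encrypted(name: str, head: bytes) -> bool:
    """True when the header contradicts the extension and the bytes are near-random."""
    sigs = SIGNATURES.get(Path(name).suffix.lower())
    if sigs is None:
        return False  # format not in the table: no verdict
    if any(head.startswith(s) for s in sigs):
        return False  # header still matches the claimed format
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def triage(root: str, sample_size: int = 4096) -> list:
    """Return sorted paths under root that look encrypted; reads files only."""
    flagged = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(sample_size)
        if looks_encrypted(path.name, head):
            flagged.append(str(path))
    return flagged
```

Run it against a copy or read-only mount of the affected disk; a flagged file is a candidate for restore, and a zeroed or truncated file is deliberately not flagged because it is damaged rather than encrypted.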

The LittleFinger Ransomware is after much less money than the attacks of Ransomware-as-a-Service rental services like the Globe Ransomware. However, it still means to do just as much damage as any other file-locking Trojan to your media, and should be treated as being just as threatening.
