
Math Ransomware

Posted: March 31, 2020

The Math Ransomware is a file-locking Trojan that's a variant of the Jigsaw Ransomware. Trojans of this origin are notable for both blocking files with encryption and deleting them in large quantities, under various trigger conditions. Users should have a favored anti-malware product remove the Math Ransomware immediately and recover from any available backups.

More Pieces for the Cyber-Extortion Puzzle

The Jigsaw Ransomware is one of the most notorious families of file-locking Trojans, despite being nowhere near as propagation-heavy as the typical Ransomware-as-a-Service like the Globe Ransomware, or the widely-abused Hidden Tear. With data-deleting attacks as supplements to its encrypting ones, any Trojan that uses the Jigsaw Ransomware as its basis is a probable threat to nearly anything on the user's hard drive. The Math Ransomware is a recent and unhappy reminder that this old family from 2016 isn't anywhere near the end of its lifespan just yet.

The Math Ransomware is a minor followup after major forks like the Ramsey Ransomware and the old campaigns of the LOCKED_PAY Ransomware, the buggy Rodentia Ransomware, and the DeltaSEC Ransomware. Infections will seek to lock files by encrypting them securely, with a particular focus on documents like DOCs or TXTs, pictures like BMPs or JPGs, audio, spreadsheets and archives. The Trojan's name comes from the extension it appends to each file after locking it, which lets victims identify the 'hostages' at a glance.

The Math Ransomware also creates what malware researchers note is a slightly-edited version of the Jigsaw Ransomware's default pop-up. The background uses a different, Anonymous hacktivism-themed image, and the language is, notably, Italian instead of English. However, other elements of it are identical, such as asking for 0.04 Bitcoins to the criminal's wallet (which has no transaction history at this time).

Crunching the Numbers on the Math Ransomware Campaign

Although a fraction of a Bitcoin sounds like a small ransom, the price equates to over two hundred USD – a traditional asking price for the file-locking Trojans that target PC users randomly. Current samples offer no clues about how the Math Ransomware is distributed, although malware experts expect such vectors as torrents or compromised advertising networks. Users should avoid downloading suspicious files and scan new downloads for threats, as well as being careful with high-risk features like JavaScript, Flash and macros.

Unlike with most file-locking Trojans, users dealing with Jigsaw Ransomware variants like the Math Ransomware should avoid restarting their computers without additional precautions. This Trojan can delete files on every reboot, as well as according to the countdown in its pop-up. Disabling the Math Ransomware by booting directly from a removable device, like a custom USB stick, is highly recommended.

Backups are the only guarantee any user has of recovering content that this Trojan deletes or encrypts. However, most anti-malware products will remove the Math Ransomware and other versions of the Jigsaw Ransomware easily.

The Math Ransomware's background mocks its victims with math equations, but running the numbers on ransoms versus decryption help leads to depressing results. Depending on a criminal's sense of honor after rewarding them with cryptocurrency is far from a free restoration of anyone's files, whether the Math Ransomware deletes them or not.
