
Meduza Ransomware

Posted: July 10, 2018

The Meduza Ransomware is a file-locking Trojan that encrypts your documents, pictures, and similar media with AES so that it can hold them for ransom. Attacks by this Trojan use local Web pages for their ransoming demands and may include other symptoms, such as hijacking filename extensions, swapping the desktop's wallpaper or deleting your Windows restore points. A traditional anti-malware product can remove the Meduza Ransomware while keeping it from harming your files, and any backups kept on other devices can give a victim a non-premium recovery option for their work.

The Program that Turns Your Files to Stone

A file-locker Trojan whose name may reference the petrifying gorgons of Greek myth or a Russian news aggregator is collecting hundreds of dollars in cryptocurrency from any victims whose files it can hold for ransom. Despite its name, the Meduza Ransomware campaign is not specific to Russian speakers, and it uses English for its instructions. Its distribution methods may range from spam e-mails to hijacked Web advertising services to RDP-focused, brute-force attacks against business, government or NGO networks.

The Meduza Ransomware uses an AES algorithm to lock various file formats, encrypting them automatically. While malware analysts have yet to analyze its encryption routine for possible security loopholes, some file-locker Trojans using this data-encrypting method can have their files 'unlocked' by freely-downloadable decryption software. The Meduza Ransomware also places a bracketed e-mail address and a '.meduza' extension in the filenames, a name-editing format that it shares with some similar threats, such as the Hidden Tear variant of the Boris HT Ransomware and some members of the Scarab Ransomware family, like the Scorpio Ransomware.
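The renaming scheme described above can be used for triage: a scan that flags files carrying a bracketed e-mail address and the '.meduza' suffix, recovers the original filename, and collects the contact address as an indicator. This is an added example written for this page, not code from the article or from the Trojan; the exact ordering of original name, bracket and suffix, the regular expression, and the sample filenames are assumptions.

```python
import os
import re
import tempfile
from collections import Counter

# Assumed layout of a renamed file: "<original name>[<e-mail>].meduza".
# The ordering is an assumption based on the write-up, not a confirmed format.
MEDUZA_NAME_RE = re.compile(
    r"^(?P<orig>.+?)\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.meduza$",
    re.IGNORECASE,
)

def classify_filename(name):
    """Return (original_name, contact_email) if the name matches the scheme, else None."""
    m = MEDUZA_NAME_RE.match(name)
    if not m:
        return None
    return m.group("orig"), m.group("email").lower()

def triage_tree(root):
    """Walk a directory tree and summarise files renamed in the Meduza style."""
    hits = []
    emails = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            parsed = classify_filename(fn)
            if parsed:
                orig, email = parsed
                hits.append((os.path.join(dirpath, fn), orig, email))
                emails[email] += 1
    # The e-mail addresses are the indicator worth pivoting on across hosts.
    return {"count": len(hits), "hits": hits, "emails": dict(emails)}

def build_sample_tree():
    """Create a constructed sample directory (placeholder names, not real victim data)."""
    root = tempfile.mkdtemp(prefix="meduza-demo-")
    os.makedirs(os.path.join(root, "docs"))
    for name in ("invoice.pdf[payme@example.test].meduza",
                 "docs/photo.jpg[payme@example.test].meduza",
                 "docs/notes.txt",                       # untouched file
                 "readme.txt[not-an-email].meduza"):    # bracket without an address
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\x00" * 16)
    return root

if __name__ == "__main__":
    report = triage_tree(build_sample_tree())
    print(report["count"], "files renamed in the Meduza style; contact addresses:", report["emails"])
```

The scan identifies affected files and the attacker's contact address; it does not decrypt anything, so recovery still depends on backups or a vetted decryptor.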

Once it locks the user's text documents, image formats like GIF and JPG, and other work and recreational media file types, the Meduza Ransomware also creates a local Web page as its ransom message. The text is copied from other campaigns by file-locking Trojans with similar payloads, including the Scarab Ransomware, the KillDisk Ransomware and the Priapos Ransomware. Although it offers a decryption service for roughly five hundred USD in Bitcoins, victims of these attacks should, if at all possible, avoid risking the payment, since criminals can accept the money without any penalty for not honoring the transaction.

Breaking Contact with the Glare of a Trojan Copycat

The Meduza Ransomware's 'borrowing' of old ransom notes doesn't confirm that it is a relative of any of the older Trojans, since many threat actors prefer recycling the resources of separate campaigns. Users should always back up their most important files to other devices for safekeeping against file-locker Trojans and any other threats that may delete, corrupt, or encrypt data automatically. Without such backups, users can try restoring from a Windows Shadow Volume Copy or ask for help from cyber-security specialists who have dedicated their time to analyzing similar threats.

Most file-locking Trojans' campaigns use one of the following methods for their circulation and installation:

  • E-mail attachments, such as fake invoices, notifications about package deliveries, or news articles, may carry exploits, zero-day or otherwise, that enable the installation of the Trojan.
  • Criminals attacking specific organizations may search for RDP vulnerabilities or use brute-force attacks against logins with inadequate password protection.
  • Exploit Kits, such as the recent attacks through the RIG Exploit Kit and the Nebula Exploit Kit, may drop a variety of threats on your computer while you load an unsafe website in an unprotected browser.

Most delivery methods that don't rely on a remote attacker's manual intervention are preventable by appropriate anti-malware products, which can delete the Meduza Ransomware without putting your files in danger.

Even though malware researchers have yet to formally place the Meduza Ransomware in a recognizable family like Hidden Tear, the Trojan's features speak for themselves. Not taking care of your digital media is a bad habit that could cost hundreds of dollars for those who don't break it.
