
Montana Ransomware

Posted: October 26, 2020

The Montana Ransomware is a file-locking Trojan that updates previous threats, including the LeakTheMall Ransomware and the Hermes Ransomware. The Montana Ransomware blocks users' files by encrypting them and holds the data hostage, supposedly until the attacker receives a ransom. Users on Windows systems should always back up their work for safety's sake and maintain anti-malware services that can remove the Montana Ransomware efficiently.

Following along with a Trojan Group's Travel Log

New versions of the Hermes Ransomware family, a several-year-old threat, are adopting geographical themes that might imply the victims' locations – or, alternately, be random. While one variant, the Beijing Ransomware, borrows the name of China's capital, another version, the Montana Ransomware, uses that of an American state. Mysterious targeting metrics aside, malware analysts confirm both the encryption that blocks files and the appearance of a new ransom note.

Although the Montana Ransomware words its demands differently from its brother Trojan, the underlying instructions and expectations are identical. The Trojan delivers these text messages to force victims into paying a ransom for unlocking their files after it blocks them through a secure form of AES encryption. Malware experts see little chance of a free solution to this encryption attack being developed, since the encryption is secure throughout many variants of the family, including the Ryuk Ransomware, the MARRACRYPT Ransomware and the RYK Ransomware.

The Montana Ransomware's note does mention targeting network-based entities, which is very common among file-locker Trojans. Threat actors can introduce Trojans to these targets after brute-forcing admin accounts' login credentials or by hijacking insecure RDP features. Some of the threats that malware researchers see deployed during these attacks include spyware, such as Mimikatz.

Stopping Trojans from Erecting Mountains of Ransoms

The Montana Ransomware's theme might derive from the Mountain States region of the USA, but the strings that Trojans use can be random. There are few indications that the Montana Ransomware would significantly limit its campaign to the US, since malware researchers link past Hermes Ransomware attacks to Taiwan and other Asian regions. Generally, Windows users with internet access should behave as if they're at risk from file-locking Trojans like the Montana Ransomware.

While browsing the Web, users should turn off features that attackers might exploit, such as JavaScript, Java and Flash. Together with updating software, using secure passwords, and avoiding risky behavior around e-mail attachments, these steps should keep most Windows systems safe. Still, malware researchers always recommend having backups regardless, particularly since the Montana Ransomware's family has historical connections to zero-day exploits that aren't fixable with a patch.

As with most well-known Trojan families, security solutions will identify and delete the Montana Ransomware, either by its family or through general-purpose heuristics.

The Montana Ransomware could cause incalculable harm to any average office network, along with destroying users' more personal files. Recovery by ransom is a calculated gamble, but the odds never favor the one who pays.
