
Morseop Ransomware

Posted: August 24, 2020

The Morseop Ransomware is a file-locking Trojan that's a significant update of the Sfile Ransomware family. It blocks files from opening with secure encryption, holds the data for ransom and threatens to sell it on the Dark Web. Users should have anti-malware products to block or delete the Morseop Ransomware and secure backups of their files for a ransom-free recovery path.

Trojans Getting Hands-On with Business Data

The small family of the Sfile Ransomware, previously known for variants like the ESCAL Ransomware, receives updates to its payload and obfuscation. A new release, the Morseop Ransomware, has been revamped enough that many cyber-security products no longer identify it as a member of its family, although the attack plan remains the same. The Morseop Ransomware takes data hostage and may even sell it while insisting on a ransom from the unfortunate owners.

The Morseop Ransomware's family mostly targets poorly-protected business networks, which attackers break into by brute-forcing passwords or by getting employees to open corrupted e-mail attachments. Once on the system, the Morseop Ransomware starts encrypting files using AES-256 and RSA-2048, the infamously secure combination that most Ransomware-as-a-Service operations use to block files. The attack keeps the media from opening, and the Morseop Ransomware marks the locked files with its name and an additional string ('7j9wrqr') that may be a random, per-victim value.

The Morseop Ransomware's ransom note, an INF text file, asks for the same things as its older sibling, the ESCAL Ransomware. It specifies a Bitcoin-based payment and provides two addresses for contacting the threat actor about the unlocking service. While this scenario is very typical, the Morseop Ransomware's family also has extra leverage: the Sfile Ransomware variants warn that they can sell the owner's files to third parties on the Dark Web, which gives an incentive to pay even when a recoverable backup exists.

Keeping Your Server's Contents Out of Auction

Although malware analysts can't verify that 'auctions' of the type the Morseop Ransomware asserts actually take place, all users should implement precautions that protect their documents and other files before attacks happen. Admins should be especially careful about choosing passwords and maintaining software update schedules; neglecting either can leave vulnerabilities that threat actors exploit. All users also should be alert to e-mail attacks, which usually arrive as attached documents disguised as invoices, hardware notifications, delivery alerts or resumes.

Recovery of any data that the Morseop Ransomware locks might be impossible even if the victimized business pays the Bitcoin ransom. Not all threat actors honor these agreements, and some also provide fake 'samples' of decrypted media that are themselves additional threats. Durable, regularly-updated backups on other devices will serve all businesses, whether small or enterprise-grade, as a defense against the Morseop Ransomware.

Windows-compatible anti-malware solutions will detect the Sfile Ransomware family and remove the Morseop Ransomware immediately. However, most products identify the Trojan by generic heuristics and will not flag it as a specific member of its group.

With the harmless-looking name of 'SystemScheduleHost,' the Morseop Ransomware doesn't look like much. A Trojan's executable shrouds its true purpose in lies, though, and that deceit can extend to the Morseop Ransomware's ransom demands, too.
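As an added illustration (not code from the original article), the indicators described above, the locked-file marker with the per-victim string, the INF ransom note and the 'SystemScheduleHost' executable name, can drive a quick incident-response triage over a file listing and process list. The exact '.morseop.<id>' extension layout and the sample paths are assumptions, since the article does not give the precise naming format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption (not from the article): locked files carry ".morseop.<victim-id>" appended
# to their original names. The article only says the Trojan adds its name plus a string
# such as '7j9wrqr', so adjust MARKER_RE to the layout seen on the affected host.
MARKER_RE = re.compile(r"\.morseop\.(?P<victim>\w+)$", re.IGNORECASE)
NOTE_SUFFIX = ".inf"                    # the ransom note is an INF text file
SUSPECT_PROCESS = "systemschedulehost"  # executable name the article reports

def triage(paths, process_names=()):
    """Split a file listing into locked files and ransom notes; flag the suspect process."""
    locked, victim_ids, hit_dirs = [], Counter(), set()
    for p in paths:
        wp = PureWindowsPath(p)
        m = MARKER_RE.search(wp.name)
        if m:
            original = PureWindowsPath(wp.name[:m.start()])  # name before the marker
            locked.append((p, original.suffix.lower()))
            victim_ids[m.group("victim")] += 1
            hit_dirs.add(str(wp.parent).lower())
    # Only count an .inf file as a ransom note when it sits beside locked files;
    # legitimate driver .inf files elsewhere (e.g. C:\Windows\INF) are not flagged.
    notes = [p for p in paths
             if PureWindowsPath(p).suffix.lower() == NOTE_SUFFIX
             and str(PureWindowsPath(p).parent).lower() in hit_dirs]
    suspect = [n for n in process_names if n.lower().startswith(SUSPECT_PROCESS)]
    return {
        "locked_count": len(locked),
        "locked_by_type": dict(Counter(ext for _, ext in locked)),
        "victim_ids": dict(victim_ids),
        "ransom_notes": notes,
        "suspect_processes": suspect,
    }

# Constructed sample input standing in for a directory listing and a process list.
SAMPLE_PATHS = [
    r"D:\shares\finance\Q2-report.xlsx.morseop.7j9wrqr",
    r"D:\shares\finance\budget.docx.morseop.7j9wrqr",
    r"D:\shares\finance\README.inf",
    r"D:\shares\hr\resume.pdf",
    r"C:\Windows\INF\usbstor.inf",
]
SAMPLE_PROCESSES = ["explorer.exe", "SystemScheduleHost.exe", "svchost.exe"]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PATHS, SAMPLE_PROCESSES).items():
        print(f"{key}: {value}")
```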
