
'newsantaclaus@aol.com' Ransomware

Posted: December 10, 2018

The 'newsantaclaus@aol.com' Ransomware is a file-locking Trojan from the Dharma Ransomware's family, an update of the Crysis Ransomware. Besides the changes to its addresses and extensions, malware experts find no new updates with this variant, which includes features for blocking media on your computer and creating ransoming messages for a premium unlocker. Affected users should recover their files from a secure backup, if they can, after deleting the 'newsantaclaus@aol.com' Ransomware with their preferred anti-malware solution.

Trojans Down Your Chimney for Christmas

Ransomware-as-a-Service doesn't stop for the holidays, and threat actors are even taking advantage of the Yuletide season for marketing purposes. The newest version of the Dharma Ransomware, a well-known update of one of the largest RaaS Trojan businesses, is using Christmas references for the cosmetic and ransoming parts of its payload. Besides these changes, which are minor, malware researchers are noting few differences between the 'newsantaclaus@aol.com' Ransomware and near relatives like the '.Bear File Extension' Ransomware, the '.bip File Extension' Ransomware, the icrypt@cock.li Ransomware and the 'java File Extension' Ransomware.

The 'newsantaclaus@aol.com' Ransomware, like most professional RaaS Trojans, deletes the Windows Shadow Volume Copies to remove backups and restore points, while also encrypting most media types on the PC. This encryption method is not breakable in modern iterations of the Dharma Ransomware, and 'locks' documents, pictures and countless other formats of data. The e-mail address in its name, a 'santa' extension, and customized ID numbers are added to the filenames of the blocked media and are the only self-evident updates to its payload.
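Because the filename additions described above are the variant's visible marker, they can be used to scope the damage on a disk or file share. The following triage sketch is an added example, not code from the original article; the exact layout `<name>.id-<8 hex digits>.[<e-mail>].santa`, the function names and the sample tree are assumptions, since the article only says that an ID, the e-mail address and a 'santa' extension are added.

```python
import os
import re
import tempfile
from collections import Counter, defaultdict

# Assumed layout (not spelled out on the page): <name>.id-<ID>.[<e-mail>].santa
MARKER = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.santa$",
    re.IGNORECASE,
)

def parse_locked_name(filename):
    """Return (original_name, victim_id, email), or None if the marker is absent."""
    m = MARKER.match(filename)
    if not m:
        return None
    return m["original"], m["victim_id"].upper(), m["email"].lower()

def triage(root):
    """Walk root; count locked files per victim ID, keyed by original extension."""
    report = defaultdict(Counter)
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed:
                original, victim_id, _email = parsed
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report[victim_id][ext] += 1
    return {vid: dict(counts) for vid, counts in report.items()}

def demo():
    """Run triage over a constructed sample tree (not from a real incident)."""
    samples = [
        "docs/budget.xlsx.id-1A2B3C4D.[newsantaclaus@aol.com].santa",
        "docs/notes.txt.id-1A2B3C4D.[newsantaclaus@aol.com].santa",
        "photo.jpg.id-1a2b3c4d.[newsantaclaus@aol.com].SANTA",
        "docs/santa.txt",    # untouched file: no marker at all
        "letter.to.santa",   # 'santa' suffix only: no ID or e-mail
    ]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in samples:
            open(os.path.join(root, rel), "w").close()
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Requiring all three elements, rather than the extension alone, keeps ordinary files that merely end in 'santa' out of the count, and the per-extension tally shows which backups need restoring first.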

The 'newsantaclaus@aol.com' Ransomware's family creates Notepad files and advanced Web page-based pop-ups with ransoming instructions. Although paying the ransom, which the threat actors don't specify upfront, isn't recommended for unlocking your files, some victims may find value in the 'free sample' that the criminals are offering. As in other file-locker Trojans' infections, backing work up to other devices will significantly lower the 'newsantaclaus@aol.com' Ransomware's chances of blocking anything beyond any hope of recovery.

Disinviting Holiday Intruders from Your PC

Victims of the 'newsantaclaus@aol.com' Ransomware infections shouldn't reboot their PCs carelessly since the file-locker Trojan will re-launch and encrypt any new files automatically. Disabling network connections and switching to Safe Mode are standard recommendations for dealing with threats of this classification. The 'newsantaclaus@aol.com' Ransomware's family is capable of targeting business networks, rather than just individual users' systems, and may include mapped and unmapped drives in its attacks.

Malware researchers find most versions of the 'newsantaclaus@aol.com' Ransomware's family following e-mail and brute-force infection vectors, which are preventable by familiarizing oneself with the standard templates for spam-based attacks and using strong login credentials. Updating vulnerable software, disabling your browser's JavaScript or Flash, and disabling Word's macro feature are other defenses that most users should consider implementing. Although this threat's campaign is new, almost all anti-malware products of notable brands are capable of removing the 'newsantaclaus@aol.com' Ransomware accurately and safely.

The only people that the 'newsantaclaus@aol.com' Ransomware attacks are making 'merry' are the criminals profiteering off of bad backup management. With both individuals and business sector networks being targets of encryption-based extortion, no one should take their files for granted over the coming holidays.
