
Nyton Ransomware

Posted: November 29, 2019

The Nyton Ransomware is a file-locking Trojan that blocks your digital media with encryption and creates ransom notes. Its campaign focuses on Web servers, which it reaches through unknown vulnerabilities that may include built-in software issues or unsafe configuration choices by the administrators. Users should let their anti-malware services remove the Nyton Ransomware on sight and keep a backup as a preferable, non-ransom-based solution.

A Bold New Trojan Shoving Its Way Between Families

The Ransomware-as-a-Service families may have stiff competition in the Nyton Ransomware, which could be the start of a new RaaS family or a one-of-a-kind program. Attacks by this threat are quite recent as of late November 2019, and target users' Web servers and the associated files. However, the Nyton Ransomware is also capable of damaging more than media, whether by accident or intentionally.

The Nyton Ransomware isn't a known member of families like the Scarab Ransomware, the Globe Ransomware, or the Crysis Ransomware, although the SOP of its ransom note is similar to each of these groups. It targets servers, including Linux-based environments, and could be using the Raspberry Pi – a portable, small-scale computer the size of a credit card – for accessing and infecting systems physically. Other possibilities include using vulnerabilities in outdated server software or brute-forcing the administrators' logins.

Other parts of the Nyton Ransomware's campaign are more traditional than the above details. It encrypts most files on the system, including, in some cases, operating system components, and makes them unusable. It also leaves a text message that directs the user to its TOR website to pay a ransom, the amount of which malware experts have yet to ascertain. It claims to use AES-based encryption, which isn't confirmed, but is a likely option that most file-locking Trojans prefer.

Keeping Your Server Out of the Sights of Encryption Invasions

While the Nyton Ransomware is a relative upstart in a threat landscape that's full of long-term Trojans with hundreds of variants, it's already proving its viability. In a matter of a few days, it has successfully compromised multiple victims in the wild. Although malware researchers can't confirm any geographical data on the distribution of these attacks, a significant proportion of the victims are English speakers.

Administrators can harden their defenses by updating any software serving critical infrastructure roles in their servers. Secure password selection is also paramount, because poorly chosen passwords are weak against brute-force 'guessing' attacks. Monitoring features prone to abuse, such as RDP, is also effectively mandatory for a reasonably safe server setup.
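The login monitoring recommended above can be sketched for a Linux server as follows. This is an added example, not part of the original article; it assumes OpenSSH password events in syslog format (the article does not name the login service), and the threshold, window, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Nov 29 03:10:01 web01 sshd[901]: Failed password for root from 203.0.113.7 port 40110 ssh2
Nov 29 03:10:04 web01 sshd[902]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Nov 29 03:10:09 web01 sshd[903]: Failed password for root from 203.0.113.7 port 40115 ssh2
Nov 29 03:10:11 web01 sshd[904]: Failed password for deploy from 198.51.100.20 port 51000 ssh2
Nov 29 03:10:15 web01 sshd[905]: Failed password for root from 203.0.113.7 port 40119 ssh2
Nov 29 03:10:20 web01 sshd[906]: Failed password for root from 203.0.113.7 port 40121 ssh2
Nov 29 03:10:31 web01 sshd[907]: Accepted password for deploy from 198.51.100.20 port 51002 ssh2
Nov 29 03:10:40 web01 sshd[908]: Accepted password for root from 203.0.113.7 port 40130 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=2), year=2019):
    """Map each source IP that hit `threshold` failures inside `window`
    to the accounts it logged in to afterwards (empty list = burst only)."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd password event
        # Syslog omits the year, so the caller supplies it (assumption: one year per file).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        fails = recent[m["ip"]]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures older than the window
        if m["result"] == "Failed":
            fails.append(ts)
            if len(fails) >= threshold:
                flagged.setdefault(m["ip"], [])
        elif m["ip"] in flagged:
            # A success after a burst is the highest-priority finding.
            flagged[m["ip"]].append(m["user"])
    return flagged

if __name__ == "__main__":
    for ip, users in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, "burst of failures; later logins:", users or "none")
```

A single mistyped password followed by a successful login, as with the second source address in the sample, is not reported; only a burst that reaches the threshold is.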

Nothing yet indicates whether the Nyton Ransomware's encryption is penetrable or immune to third-party cracking. A competent anti-malware program should delete the Nyton Ransomware on sight, but unlocking files is, more often than not, a pipe dream for the victims.

The Nyton Ransomware is coming into the fray with an interestingly professional deployment style for a Trojan no one's heard of until now. That makes it, if not a RaaS family, at least just as threatening as one, as far as malware analysts are concerned.
