
'.obfuscated File Extension' Ransomware

Posted: January 16, 2019

The '.obfuscated File Extension' Ransomware is a file-locking Trojan that can encrypt media on your PC, such as documents, so that its operators can sell an unlocking service afterward. Users with any other recovery option for their work should ignore the ransom demands, and traditional backup strategies should protect your files. Update your anti-malware tools to improve their accuracy at removing the '.obfuscated File Extension' Ransomware safely; this Trojan has an unusually high evasion rate for its category.

A Little Data Obfuscation for Your Bitcoins

A new file-locking Trojan has begun attacking Windows users, with only Mexican victims for the moment. The '.obfuscated File Extension' Ransomware has little to differentiate its attacks from those of a family like the Globe Ransomware's Ransomware-as-a-Service business or the 'free' Hidden Tear program. However, malware experts do express some concern over how unusually effective the '.obfuscated File Extension' Ransomware is at hiding itself from threat-detecting metrics.

There are multiple variants of the '.obfuscated File Extension' Ransomware with questionable differences between their payloads, although all versions should include the file-locking behavior and the generation of ransom notes. The size of the '.obfuscated File Extension' Ransomware's executable ranges from under one megabyte to over two, but the Trojan is always built for 32-bit Windows operating systems. After running, the '.obfuscated File Extension' Ransomware launches an encryption-based attack against the user's local media.

The '.obfuscated File Extension' Ransomware's file-blocking behavior uses encryption to convert files into temporarily illegible formats and adds a secondary 'obfuscated' tag to each file's name, after the first extension. The '.obfuscated File Extension' Ransomware also creates 'Read Me' Notepad files with its ransoming instructions, although the pertinent information boils down to little more than an e-mail address and a recommendation for procuring Bitcoins for the unlocker. Using the cryptocurrency for ransoms, as malware experts often see across different families of file-locking Trojans, lets the threat actors keep their anonymity and evade the finance industry's refund policies.
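The naming behavior described above is enough to scope the damage before restoring from backup. The following Python triage script is an added example, not code from the original article: the function names are hypothetical, and the `Read Me*.txt` note pattern is an assumption, since the article does not give the exact filename.

```python
import os
import re
from collections import Counter
from pathlib import Path

MARKER = ".obfuscated"  # secondary extension described in the article
# Assumption: the article only says 'Read Me' Notepad files, not the exact name.
# README-style names are common on clean systems, so treat hits as corroboration.
NOTE_RE = re.compile(r"^read[\s_\-]*me.*\.txt$", re.IGNORECASE)


def triage(root):
    """Walk root and group files that match the naming behavior described above."""
    report = {"locked": [], "marker_only": [], "notes": [], "by_ext": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if NOTE_RE.match(name):
                report["notes"].append(path)
            elif name.lower().endswith(MARKER):  # Windows names are case-insensitive
                original = name[: -len(MARKER)]
                ext = Path(original).suffix.lower()
                if ext:  # report.docx.obfuscated -> original type .docx
                    report["locked"].append(path)
                    report["by_ext"][ext] += 1
                else:  # no first extension: lower confidence, listed separately
                    report["marker_only"].append(path)
    return report


def restore_names(report):
    """Map each locked path to its pre-attack name, for matching against a backup.

    This plans names only; it does not decrypt or rename anything.
    """
    return {p: p.with_name(p.name[: -len(MARKER)]) for p in report["locked"]}


if __name__ == "__main__":
    import sys
    rep = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(rep['locked'])} locked, {len(rep['marker_only'])} marker-only, "
          f"{len(rep['notes'])} candidate notes")
    for ext, count in rep["by_ext"].most_common():
        print(f"  {ext}: {count}")
```

The per-extension counts show which file types need restoring, and the `restore_names` mapping gives the original names to look up in the backup set.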

Deobfuscating a Well-Hidden Trojan

The '.obfuscated File Extension' Ransomware's greatest success, arguably, lies in its avoidance of detection by current rulesets and heuristics for identifying threatening software. As a rule, malware experts always recommend updating software regularly to improve its efficiency and close vulnerabilities. However, in the case of protecting your files from the '.obfuscated File Extension' Ransomware, with less than half of the major AV companies' products detecting two out of three samples, updates may be especially necessary.

While malware experts do note that the '.obfuscated File Extension' Ransomware's campaign is active, the infection methods it uses aren't certain. Previously, file-locking Trojans have employed exploit kits running through their victims' browsers, port-scanning and brute-force attacks against network-accessible systems, and spam e-mails. Safe browsing habits will keep most users out of any significant risk, while their anti-malware products, hopefully, will block or remove the '.obfuscated File Extension' Ransomware as appropriate.

The encryption that the '.obfuscated File Extension' Ransomware uses may or may not be decryptable, and users shouldn't bet on the former. When a backup to a spare USB can take care of most of your problems, it would be reckless to hope that new Trojans can't do anything permanent to your work.
