
Octopus Ransomware

Posted: November 12, 2019

The Octopus Ransomware is a file-locking Trojan and a variant of the Phobos Ransomware family. It encrypts the victim's files automatically to hold them hostage and monetizes the attack with accompanying ransom notes. Users should have their anti-malware solutions remove the Octopus Ransomware as soon as possible, before restoring any content from available backups.

Look What's Getting Its Tentacles on Your Files Now

Shortly after the confirmation of the Deal Ransomware's circulation, further variants of the Phobos Ransomware family are appearing with live campaigns that reach victims through multiple methods, with an emphasis on compromising Remote Desktop Protocol (RDP) logins. The Octopus Ransomware's arrival so soon after its predecessor is no surprise, but it does show that multiple sets of criminal 'clients' are actively abusing this Trojan family's ransoming capabilities.

The Octopus Ransomware uses an AES encryption routine to lock content, and no weakness in that routine has been found since earlier versions such as the 'fobosamerika@protonmail.ch' Ransomware, the 'tedmundboardus@aol.com' Ransomware and the 'audrey.b@aol.com' Ransomware. Users can identify locked files quickly by their extensions, which combine the Octopus Ransomware's aquatic animal theme with a victim ID and an e-mail address for contacting the extortionist. There are no public decryptors for these files, which makes the Octopus Ransomware as effective as more prominent threats like the Scarab Ransomware or the Dharma Ransomware at pressuring its victims.
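Because the locked-file extension is the quickest indicator of this family, a responder triaging a file share usually wants a small script that recognises it and groups the hits by victim ID and contact e-mail. The following is an added example, not code from the original page or from any vendor; it assumes the Phobos family's usual layout of `<name>.id[<victim ID>-<number>].[<e-mail>].<theme extension>`, and the bracket structure, the hexadecimal ID and the number are assumptions, since the page only states that the extension carries the theme, an ID and an e-mail. The file names and the `example.test` address are constructed samples.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple

# Assumed layout of a locked file name for Phobos-family variants such as Octopus:
#   <original name>.id[<victim ID>-<number>].[<contact e-mail>].<theme extension>
# The page confirms a theme extension, an ID and an e-mail; the exact bracket
# layout, the hex ID and the number are assumptions based on the family's
# usual naming, not facts from the page.
LOCKED_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{6,8})-(?P<variant>\d{3,5})\]"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


class LockedFile(NamedTuple):
    original: str   # name the file had before encryption
    victim_id: str  # per-victim identifier the extortionist asks for
    variant: str    # numeric part after the ID
    email: str      # contact address embedded in the name
    ext: str        # theme extension, e.g. "octopus"


def parse_locked_name(name: str) -> Optional[LockedFile]:
    """Return the fields of a Phobos-style locked name, or None for a normal name."""
    m = LOCKED_NAME.match(name)
    return LockedFile(**m.groupdict()) if m else None


def summarize(names: Iterable[str]) -> Tuple[Dict[Tuple[str, str], int], List[str]]:
    """Count locked files per (victim ID, e-mail) pair and list the names that
    did not match, so a responder can see whether one infection or several
    touched the share and which address each set of files points to."""
    hits: Dict[Tuple[str, str], int] = {}
    unmatched: List[str] = []
    for name in names:
        parsed = parse_locked_name(name)
        if parsed is None:
            unmatched.append(name)
            continue
        key = (parsed.victim_id, parsed.email)
        hits[key] = hits.get(key, 0) + 1
    return hits, unmatched


# Constructed sample names; the ID and address are placeholders.
SAMPLE_NAMES = [
    "budget.xlsx.id[1A2B3C4D-2357].[restore@example.test].octopus",
    "photo.jpg.id[1A2B3C4D-2357].[restore@example.test].octopus",
    "notes.txt",
]

if __name__ == "__main__":
    hits, unmatched = summarize(SAMPLE_NAMES)
    for (victim_id, email), count in hits.items():
        print(f"victim {victim_id} -> {email}: {count} locked file(s)")
    print("not locked:", unmatched)
```

In practice the same functions are fed the output of `os.walk()` over the affected volumes; the `original` field also tells the responder which files to look for in backups.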

The monetization side of the Octopus Ransomware's payload hinges, as usual, on the victim reading one of two ransom notes: a plain-text file that opens in Notepad or a more elaborate HTML-based message. Malware experts recommend taking advantage of any free test decryption the attackers offer, but discourage paying the ransom. Most criminals deal in Bitcoin and other currencies with little possibility of a refund, and their decryption services are of questionable reliability.

Taking Proper Care with Software Sea Creatures

Encryption on its own can be a minor obstacle for users who are familiar with default recovery tools such as Windows Restore Points. Most file-locker Trojan families compensate for this widespread default 'cure' with additional attacks, and the Octopus Ransomware is no exception. Besides deleting local backup data, it also suppresses error messages during startup and disables other security features, such as the Windows Firewall.
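Each of those three side effects has to be carried out through a Windows command, which makes them a good detection point: a ransomware sample that deletes backups, tampers with startup recovery and turns off the firewall from the same parent process, seconds apart, is recognisable before encryption finishes. The following detection is an added example, not code from the original page; it assumes process-creation records of the kind Sysmon Event ID 1 or Security Event ID 4688 produce, and the specific command lines it matches (`vssadmin delete shadows`, `wmic shadowcopy delete`, `wbadmin delete catalog`, `bcdedit ... bootstatuspolicy ignoreallfailures` / `recoveryenabled no`, `netsh advfirewall ... state off`) are the usual way such behaviour is implemented on Windows, not commands the page attributes to this variant. The log lines and the `sample.exe` parent name are constructed.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed process-creation records in the shape a SIEM might store
# Sysmon Event ID 1 / Security Event ID 4688 data. "sample.exe" is a
# placeholder for the Trojan's process; none of this is real telemetry.
SAMPLE_LOG = r"""
2019-11-12 09:14:02 host1 PID=4120 Parent=explorer.exe CommandLine=C:\Windows\System32\notepad.exe info.txt
2019-11-12 09:14:05 host1 PID=4188 Parent=sample.exe CommandLine=vssadmin.exe delete shadows /all /quiet
2019-11-12 09:14:05 host1 PID=4190 Parent=sample.exe CommandLine=wmic shadowcopy delete
2019-11-12 09:14:06 host1 PID=4196 Parent=sample.exe CommandLine=bcdedit /set {default} bootstatuspolicy ignoreallfailures
2019-11-12 09:14:06 host1 PID=4201 Parent=sample.exe CommandLine=bcdedit /set {default} recoveryenabled no
2019-11-12 09:14:07 host1 PID=4210 Parent=sample.exe CommandLine=netsh advfirewall set currentprofile state off
2019-11-12 09:31:44 host1 PID=5012 Parent=cmd.exe CommandLine=vssadmin list shadows
2019-11-12 09:32:10 host1 PID=5020 Parent=cmd.exe CommandLine=netsh advfirewall show allprofiles
"""

LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) PID=(?P<pid>\d+) "
    r"Parent=(?P<parent>\S+) CommandLine=(?P<cmd>.*)$"
)

# One rule per behaviour the article describes. Read-only variants such as
# "vssadmin list shadows" or "netsh advfirewall show" must not match.
RULES = {
    "backup_deletion": re.compile(
        r"\b(?:vssadmin(?:\.exe)?\s+delete\s+shadows"
        r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
        r"|wbadmin(?:\.exe)?\s+delete\s+catalog)", re.I),
    "startup_error_suppression": re.compile(
        r"\bbcdedit(?:\.exe)?\b.*?(?:bootstatuspolicy\s+ignoreallfailures"
        r"|recoveryenabled\s+no)", re.I),
    "firewall_disable": re.compile(
        r"\bnetsh(?:\.exe)?\s+(?:advfirewall\s+set\s+\w+\s+state\s+off"
        r"|firewall\s+set\s+opmode\s+(?:mode=)?disable)", re.I),
}


def scan(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per record whose command line matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        for rule, pattern in RULES.items():
            if pattern.search(rec["cmd"]):
                findings.append({"ts": rec["ts"], "host": rec["host"],
                                 "parent": rec["parent"], "rule": rule,
                                 "cmd": rec["cmd"]})
    return findings


def correlate(findings: List[Dict[str, str]], min_rules: int = 2) -> Dict[Tuple[str, str], Set[str]]:
    """Group findings by (host, parent process) and keep the parents that hit
    at least min_rules distinct behaviours: a lone backup deletion might be an
    administrator, all three from one process is the ransomware pattern."""
    by_parent: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for f in findings:
        by_parent[(f["host"], f["parent"])].add(f["rule"])
    return {key: rules for key, rules in by_parent.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['host']} {f['parent']} -> {f['rule']}: {f['cmd']}")
    for (host, parent), rules in correlate(scan(SAMPLE_LOG)).items():
        print(f"ALERT {host}: {parent} performed {sorted(rules)}")
```

The correlation step is what keeps the false-positive rate tolerable: a backup job or an administrator will run one of these commands now and then, but a single parent process running two or three categories within the same minute is a pre-encryption pattern worth isolating the host for.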

Since local backups are at risk from this deletion, malware researchers typically recommend keeping backups on external devices or services that an infected machine cannot overwrite. Cloud services, writable DVDs, or removable USB drives that are disconnected once the backup is done are typical examples available to both businesses and casual PC users. Users also can prevent infections from occurring through standard practices that include:

  • Scanning e-mail attachments.
  • Avoiding enabling macros or 'advanced content'.
  • Turning off scripts in the browser, or using a script blocker.
  • Disabling remote administration features such as RDP when they are not needed, and protecting them with strong passwords when they are.
  • Installing security patches.

Reports suggest that the Octopus Ransomware relies on RDP-based attacks and manual installation to gain access to new PCs. These methods usually require some cooperation from the victim, even if it is only a weak RDP password. Most anti-malware products, if active, should remove the Octopus Ransomware on sight.
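Weak RDP passwords are found by guessing, and the guessing leaves a trail of failed logons before the one that succeeds. The following detector is an added example, not code from the original page or from any vendor; it illustrates the "disable remote admin features" advice above and the RDP access method described here. It assumes logon records reduced to the fields of Windows Security Event IDs 4625 (failure) and 4624 (success), treats logon type 10 (RemoteInteractive) and type 3 (how failures are recorded when Network Level Authentication is enabled) as RDP-related, and flags a source that fails a configurable number of times inside a time window, then notes whether that source later succeeded. The events and the addresses are constructed samples.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed logon records: timestamp, event ID, logon type, account, source IP.
# Modelled on Security Event IDs 4625 (failure) and 4624 (success); the
# addresses come from documentation ranges and none of this is real telemetry.
SAMPLE_EVENTS = """\
2019-11-11T23:58:01,4625,10,administrator,203.0.113.7
2019-11-11T23:58:09,4625,10,administrator,203.0.113.7
2019-11-11T23:58:17,4625,10,admin,203.0.113.7
2019-11-11T23:58:26,4625,10,admin,203.0.113.7
2019-11-11T23:58:34,4625,10,backup,203.0.113.7
2019-11-11T23:58:43,4625,10,backup,203.0.113.7
2019-11-12T00:03:40,4624,10,administrator,203.0.113.7
2019-11-12T00:05:00,4625,10,jsmith,198.51.100.5
2019-11-12T00:05:20,4624,10,jsmith,198.51.100.5
"""

# 10 = RemoteInteractive (classic RDP); 3 = Network, which is how failed RDP
# logons are recorded when Network Level Authentication rejects them.
RDP_LOGON_TYPES = {"10", "3"}


def detect_rdp_bruteforce(csv_text: str, threshold: int = 5,
                          window: timedelta = timedelta(minutes=10)) -> Dict[str, dict]:
    """Flag source addresses with >= threshold RDP logon failures inside
    `window`, report which accounts were tried, and record whether a success
    from the same source followed the failures (a likely compromised login)."""
    stats: Dict[str, dict] = defaultdict(lambda: {
        "failures": 0, "accounts": set(), "flagged": False,
        "success_after_failures": False,
    })
    windows: Dict[str, Deque[datetime]] = defaultdict(deque)

    for line in csv_text.strip().splitlines():
        ts_text, event_id, logon_type, account, src = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_text)
        s = stats[src]
        if event_id == "4625":
            s["failures"] += 1
            s["accounts"].add(account)
            q = windows[src]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                s["flagged"] = True
        elif event_id == "4624" and s["flagged"]:
            s["success_after_failures"] = True

    report = {}
    for src, s in stats.items():
        if not s["flagged"]:
            continue
        accounts: List[str] = sorted(s["accounts"])
        report[src] = {
            "failures": s["failures"],
            "accounts": accounts,
            # several accounts from one source is spraying; one account
            # hammered repeatedly is a classic brute force
            "pattern": "spray" if len(accounts) > 1 else "brute-force",
            "success_after_failures": s["success_after_failures"],
        }
    return report


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, info)
```

A success following a flagged run of failures is the event to page on: it means the weak password was found and the interactive stage of the attack, including the manual installation the reports describe, is already under way.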

The Octopus Ransomware brings a new theme to its campaign but little in the way of new features. However, one may well ask why a Trojan needs updating when the 'same old' is making ransom money from the careless just as well.
