
Odveta Ransomware

Posted: March 18, 2020

The Odveta Ransomware is a file-locking Trojan based on the KingOuroboros Ransomware. The Odveta Ransomware can keep your files from opening by encrypting them and is noted for targeting vulnerable networks through remote admin features. Users can protect themselves through securing RDP, patching vulnerabilities, and using strong passwords while having their anti-malware services delete the KingOuroboros Ransomware as soon as possible after detection.

The Worm Exposes Its Head to Daylight Again

A file-locker Trojan with significant coding connections to the CryptoWire Ransomware is receiving further iteration that suggests the ongoing distribution of a small, but ransom-viable 'family business.' The latest version of the KingOuroboros Ransomware (whose collection also includes the Angus Ransomware, the Kronos Ransomware, and the Zeropadypt Ransomware) is out in the wild with a different name and highly-specific victims. The Odveta Ransomware's name may come from the Slovakian language, but its attacks can harm any Windows user's files.

The Odveta Ransomware (whose name translates to 'revenge' or 'retaliation' in Slovak) gains access to users' files through weaknesses such as insecure RDP settings, unpatched server infrastructure, or account passwords that are susceptible to brute-force cracking. Currently, malware experts can only confirm the medical industry, such as hospital networks, in unknown regions, as being affected. Once it infects the Windows system, the Odveta Ransomware launches attacks in the traditional manner of its family's file-locker Trojans.

The Trojan launches the CMD utility and issues system commands for terminating various programs, such as Microsoft SQL Server components. Then, it blocks media files through AES-256 encryption with additional RSA security. With the sabotage finished, the Odveta Ransomware continues to its Bitcoin ransom service for restoring data. Malware experts are verifying at least two variants, one of which uses a text message, and the other, a different text file along with a pop-up window.
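A defender-side illustration of the behavior described above, added here as an example that is not from the original article or from any Odveta sample: a small Python detector that scores constructed, Sysmon-style process-creation records for command-line service stops aimed at SQL Server components, and raises the severity when one parent process issues several such stops. The field names, the sample events, the "routine parent" heuristic and the staging-directory list are assumptions for the example.

```python
import json
import re
from collections import defaultdict

# Constructed sample of process-creation events (simplified Sysmon-style fields).
# These lines are illustrative only, not telemetry from a real Odveta infection.
SAMPLE_EVENTS = r"""
{"ts":"2020-03-18T09:14:02Z","host":"srv-db01","parent":"C:\\Users\\admin\\AppData\\Local\\Temp\\svc.exe","cmdline":"cmd.exe /c net stop MSSQLSERVER /y"}
{"ts":"2020-03-18T09:14:03Z","host":"srv-db01","parent":"C:\\Users\\admin\\AppData\\Local\\Temp\\svc.exe","cmdline":"cmd.exe /c taskkill /f /im sqlservr.exe"}
{"ts":"2020-03-18T09:15:10Z","host":"srv-db01","parent":"C:\\Windows\\explorer.exe","cmdline":"cmd.exe /c dir C:\\backups"}
{"ts":"2020-03-18T22:00:00Z","host":"srv-db02","parent":"C:\\Windows\\System32\\services.exe","cmdline":"cmd.exe /c net stop SQLSERVERAGENT"}
"""

# Commands that stop a service or kill a process, and SQL Server component names.
STOP_VERBS = re.compile(r"\b(net\s+stop|sc\s+stop|taskkill)\b", re.I)
SQL_TARGETS = re.compile(r"mssql|sqlserveragent|sqlservr|sqlwriter|sqlbrowser", re.I)
# Assumption: stops driven by the service control manager are routine maintenance.
ROUTINE_PARENTS = ("\\services.exe",)
# Assumption: a parent binary living in a user-writable directory is more suspicious.
STAGING_DIRS = ("\\temp\\", "\\downloads\\", "\\appdata\\")


def score_event(ev):
    """Return 0 for uninteresting events, otherwise a small risk score (1-3)."""
    cmd = ev.get("cmdline", "")
    if not (STOP_VERBS.search(cmd) and SQL_TARGETS.search(cmd)):
        return 0
    parent = ev.get("parent", "").lower()
    score = 1                                  # a SQL Server component is being stopped
    if not parent.endswith(ROUTINE_PARENTS):
        score += 1                             # not the service control manager
    if any(d in parent for d in STAGING_DIRS):
        score += 1                             # parent runs from a user-writable directory
    return score


def detect(raw_lines):
    """Parse JSON lines, score each event, and group alerts by (host, parent)."""
    per_parent = defaultdict(list)
    for line in raw_lines.strip().splitlines():
        ev = json.loads(line)
        s = score_event(ev)
        if s:
            per_parent[(ev["host"], ev["parent"])].append(s)
    alerts = []
    for (host, parent), scores in per_parent.items():
        sev = max(scores) + (1 if len(scores) >= 2 else 0)   # burst of stops raises severity
        alerts.append({"host": host, "parent": parent, "events": len(scores), "severity": sev})
    return sorted(alerts, key=lambda a: -a["severity"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the sample, the parent in the Temp directory that stops two SQL components in a row scores highest, while the single stop issued under services.exe is reported at the lowest severity for an analyst to triage.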

Putting KingOuroboros Ransomware's Offspring Back to Earth

The Odveta Ransomware campaign runs off version six of the KingOuroboros Ransomware's code and is correspondingly less likely to have free decryption solutions available. While there is a freeware service for old versions of the family, threat actors typically re-secure any weak encryption routines during significant updates to their Trojan's code. As an additional concern, malware experts also link the history of threat actors related to this family with failures to honor ransom-based transactions.

Taking the above into account, the only reliable means of preserving files from the Odveta Ransomware's permanent lockdown is possessing backups in secure locations. Malware experts additionally recommend that all network admins familiarize themselves with some of the more basic defenses against file-locker Trojan attacks. Such behaviors include using appropriate passwords, installing patches regularly, and turning RDP off whenever it's not in use.

Forgetting about the smaller players in the threat landscape is a mistake anyone might make, and one that this variant of the family exploits for cryptocurrency. While it's not the biggest name in the business, the Odveta Ransomware and its brethren are no less deadly to data than their higher-profile competitors.
