
OFFWHITE Ransomware

Posted: May 5, 2020

The OFFWHITE Ransomware is a variant of the NEFILIM Ransomware, a file-locking Trojan. Infected Windows systems are at risk of having non-OS-critical files locked, such as documents and other media. Users can protect themselves with backups combined with anti-malware tools for deleting the OFFWHITE Ransomware.

A Cheeky Reboot of Judaic Folklore

Threat actors aren't known for choosing the most appropriate themes with their threatening software, but the hijacking of Jewish history's Nephilim or Nefilim remains one of the most memorable examples. The OFFWHITE Ransomware is an update to the recently-active NEFILIM Ransomware, showing that criminals are either rotating through names or providing services to third parties. In either case, the result for a victim is their files under lock and key.

The OFFWHITE Ransomware's executable is a small (less than thirty kilobytes) program for Windows. When it runs, it searches for files of all ransom-appropriate formats (AVI movies, DOC documents, JPG pictures, for instance) and encrypts them using what it claims is a 'military-grade' algorithm. Less obviously, malware researchers confirm that it also tampers with settings related to intranet and proxy services, an increasingly common way of further disrupting business networks.

With the files locked, the OFFWHITE Ransomware sells an unlocker through a ransom note that it places at the root of every drive, C and otherwise. The message is mostly identical to the NEFILIM Ransomware one, although it has slightly better formatting and, of course, a different contact address. Malware experts still discourage making payments, since the risk of getting nothing back is high.

Running Servers Clean of Dingy Colors

In the past, the NEFILIM Ransomware's threat actor used digital certificates for hiding the Trojan – an unusually expensive and sophisticated move, for a file-locker Trojan. Thus far, malware researchers find versions of the OFFWHITE Ransomware using similar disguises. While the presence of a valid digital certificate is, often, a good indicator of safety, there always are exceptions worth keeping in mind.
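Two defender-side checks follow from the behaviours described above: the ransom note dropped at the root of every drive, and the use of a valid code-signing certificate as a disguise. The script below is an added example written for this page, not code from the original article or from any vendor; it assumes Windows PowerShell 5.1 or later, and the baseline path, sample path and allowlisted signer subject are placeholders to be replaced by the operator. The second check shows the caveat from the paragraph above in code: `Get-AuthenticodeSignature` only tells you whether a signature chains to a trusted root, so a file is treated as acceptable only when the status is Valid and the signer subject is one the operator has explicitly approved.

```powershell
# Added example (not from the original article). Two tripwires suggested by the
# OFFWHITE/NEFILIM behaviours described on this page. Assumes PowerShell 5.1+ on
# Windows; all file paths and the allowlisted subject below are placeholders.

# --- Check 1: new files appearing at the root of any drive -------------------
# This family drops its ransom note at the base of every drive, so a snapshot
# of drive-root file listings, diffed against a saved baseline, is a cheap
# early warning that something has started writing there.
function Get-DriveRootSnapshot {
    $roots = Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root } |
        ForEach-Object { $_.Root }
    foreach ($root in $roots) {
        # -Force includes hidden files; unreadable roots are skipped silently.
        Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Path = $_.FullName; Length = $_.Length }
            }
    }
}

function Save-DriveRootBaseline {
    param([Parameter(Mandatory)] [string] $BaselinePath)   # placeholder path
    Get-DriveRootSnapshot | ConvertTo-Json | Set-Content -LiteralPath $BaselinePath
}

function Compare-DriveRootSnapshot {
    param([Parameter(Mandatory)] [string] $BaselinePath)   # JSON from Save-DriveRootBaseline
    $baseline = Get-Content -LiteralPath $BaselinePath -Raw |
        ConvertFrom-Json |
        ForEach-Object { $_.Path }
    # Anything now present at a drive root that was absent at baseline time is reported.
    Get-DriveRootSnapshot | Where-Object { $baseline -notcontains $_.Path }
}

# --- Check 2: do not equate "validly signed" with "safe" ---------------------
# A Valid status means the signature chains to a trusted root and the file
# hash matches; it says nothing about whether this signer should be running
# code on this host. The subject allowlist is a placeholder for the operator.
function Test-SignerAllowed {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string[]] $AllowedSubjects = @('CN=Example Publisher, O=Example Corp')  # placeholder
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $thumb   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer     = $subject
        Thumbprint = $thumb
        # Passes only when the signature is Valid AND the signer is explicitly approved.
        Allowed    = ($sig.Status -eq 'Valid') -and ($AllowedSubjects -contains $subject)
    }
}

# Usage (paths are placeholders):
# Save-DriveRootBaseline   -BaselinePath 'C:\baseline\drive-roots.json'
# Compare-DriveRootSnapshot -BaselinePath 'C:\baseline\drive-roots.json'
# Test-SignerAllowed -Path 'C:\quarantine\sample.exe'
```

Run `Save-DriveRootBaseline` once on a known-clean system and schedule `Compare-DriveRootSnapshot` afterwards; any unexpected file at a drive root is worth a look before trusting the machine. For `Test-SignerAllowed`, record the thumbprint of each approved signer alongside the subject so that a stolen or look-alike certificate with the same subject string does not pass unnoticed.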

Users should be watchful for the traditional, business-oriented infection vectors used in OFFWHITE Ransomware attacks. Threat actors may send e-mails with attached documents carrying embedded drive-by-download exploits, brute-force an admin's login credentials, or, more rarely, infect websites related to the target's interests or online resource needs. Regular users also are at risk from less-advanced strategies, such as fake Flash updates or software crack downloads.

Most anti-malware programs will delete the OFFWHITE Ransomware securely. Updating threat databases regularly further improves their detection rates against new threats and against ones with non-trivial disguises, like the NEFILIM Ransomware family.

Months after its ancestor's appearance, the OFFWHITE Ransomware is renewing attacks without changing its strategic approach very much. Users can capitalize on that stagnancy with the appropriate defenses, including, ideally, a proper backup on spare devices kept out of the Trojan's reach.
