
OGDO Ransomware

Posted: September 10, 2020

The OGDO Ransomware is a file-locker Trojan that belongs to the STOP Ransomware's Ransomware-as-a-Service group. The OGDO Ransomware targets Windows systems and encrypts files, such as documents, so that they can't be opened. Users should schedule and secure backups for a complete recovery from any infection, and have a professional anti-malware service remove the OGDO Ransomware as soon as it's detected.

Trojan Families Jostling on the Threat Landscape

There's increasingly stiff competition among Ransomware-as-a-Services and their independent equivalents among file-locking Trojans, but the STOP Ransomware remains a popular option for threat actors. Hackers 'hire' and deploy this threat against various targets, including random home users, with randomized names and extensions being the most visible differences between variants. The OGDO Ransomware is proof that the RaaS business sector is thriving in 2020, particularly for the STOP Ransomware family.

As a member of that group, the OGDO Ransomware typically uses a dynamic encryption scheme that downloads a key as part of locking the victim's files, such as pictures, databases and documents. Its other effects include appending campaign and ransom-related data to the locked files' names, creating HTA or TXT ransom notes, and erasing the user's Restore Points. Some STOP Ransomware family campaigns also attempt data theft through tools like AZORult, although this behavior isn't universal, and malware experts can't verify it for the OGDO Ransomware.
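The renaming and ransom-note behavior described above leaves traces that a defender can triage from a plain file listing. The following is an added example, not code from this page or from any vendor: the appended extension and note file names are placeholders (assumptions, not values from the page) to be replaced with those observed in a real incident, and the file listing is constructed.

```python
from collections import Counter
from pathlib import PurePosixPath

# Placeholders, not values from the page: set them from the incident's own samples.
APPENDED_EXT = ".ogdo"                                  # assumed appended extension
NOTE_NAMES = {"ransom_note.txt", "ransom_note.hta"}     # assumed TXT/HTA note names

# Constructed sample listing, as a file inventory script might produce it.
SAMPLE_PATHS = [
    "/home/alice/Documents/report.docx.ogdo",
    "/home/alice/Documents/budget.xlsx.ogdo",
    "/home/alice/Documents/ransom_note.txt",
    "/home/alice/Pictures/holiday.jpg.ogdo",
    "/home/alice/Pictures/ransom_note.txt",
    "/home/alice/Pictures/thumbs.db",
    "/home/alice/Desktop/notes.txt",
]

def triage_listing(paths, appended_ext=APPENDED_EXT, note_names=NOTE_NAMES):
    """Split a path listing into locked files and ransom notes.

    Returns a dict with:
      locked      - list of (locked_path, original_name) pairs
      notes       - list of ransom-note paths
      by_dir      - Counter of locked files per directory
      by_orig_ext - Counter of the original extensions that were locked
    """
    result = {"locked": [], "notes": [], "by_dir": Counter(), "by_orig_ext": Counter()}
    for p in paths:
        path = PurePosixPath(p)
        name = path.name
        if name.lower() in note_names:
            result["notes"].append(str(path))
        elif name.lower().endswith(appended_ext):
            # The original name survives in front of the appended extension.
            original = name[:-len(appended_ext)]
            result["locked"].append((str(path), original))
            result["by_dir"][str(path.parent)] += 1
            result["by_orig_ext"][PurePosixPath(original).suffix.lower()] += 1
    return result

def looks_like_infection(result, min_locked=2):
    """True when at least one note is present alongside several locked files."""
    return bool(result["notes"]) and len(result["locked"]) >= min_locked

if __name__ == "__main__":
    r = triage_listing(SAMPLE_PATHS)
    print("locked:", len(r["locked"]), "notes:", len(r["notes"]))
    for directory, n in r["by_dir"].most_common():
        print(f"  {directory}: {n} locked")
    print("infection likely:", looks_like_infection(r))
```

The per-directory and per-extension counts show which backups need restoring first; they identify affected files only and do not decrypt anything.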

Because of the security around its data-locking feature, free decryption of anything that the OGDO Ransomware's family locks is a rarity for victims. Malware researchers recommend backups on other, secure devices as an excellent means of protection against the OGDO Ransomware's attacks and those of all other Ransomware-as-a-Services. Windows users are the most relevant demographic for the OGDO Ransomware, as they are for most Trojans with these features.

Pushing the STOP Ransomware to Live Out Its Name

Secure backups on USB devices, password-protected NAS, and cloud services can deny most file-locker Trojans any bargaining leverage. In contrast, paying the ransom as the OGDO Ransomware's instructions demand may or may not yield a working decryption solution in exchange. Even if the OGDO Ransomware falls back to its 'less secure' encryption, which uses an internal RSA key, most victims will have no free recourse for recovery.

Windows users at home and in workplaces also should take precautions that eliminate the significant security weaknesses that could help spread the OGDO Ransomware. Strong passwords, disabling features like document macros or browser JavaScript, and installing software updates will assist with this goal. File-locker Trojans may install themselves through various methods, but most attacks require some accidental help from the victim.

Dedicated anti-malware services have long had confirmed detection for the STOP Ransomware and its many members. Assuming that at least one such service is running, users should be able to block and delete the OGDO Ransomware automatically without experiencing the file-locking attack.

The STOP Ransomware might be the most ironically named of families, but such wordplay is part and parcel of the Trojan trade. The OGDO Ransomware, as another random iteration of it, is just as threatening and just as disposable as a hundred others, from the Jope Ransomware and the Djvu Ransomware to the Rumba Ransomware and the Boop Ransomware.
