
Outsider Ransomware

Posted: December 12, 2018

The Outsider Ransomware is a file-locker Trojan that can block media on your PC by encrypting it with an algorithm such as RSA or AES. The Outsider Ransomware's payload includes a ransom note with an accompanying social engineering tactic that disassociates the ransom collector from the threat actor responsible for the attack, to encourage payments. Users should ignore any ransoming instructions, keep backups or use free decryption tools for any data recovery, and uninstall the Outsider Ransomware through proper anti-malware solutions.

The Trojan that's an Outsider to the Crime that It's Committing

One file-locking Trojan without any evidence of belonging to pre-established families like the Scarab Ransomware or the Globe Imposter Ransomware is conducting a particularly disingenuous campaign. The Outsider Ransomware, while basing its attacks on the same 'encrypt media and deliver a message' format that others of its kind use, is distributing a ransom note with bold assertions. Malware experts note similar issues in past threats, such as any file-locker Trojan using the 'security problem with your PC' template, but the Outsider Ransomware contains more detail than most of its competition.

The Outsider Ransomware is a fully-working threat with a primary executable of under twenty kilobytes, making it one of the smallest examples of a file-locker Trojan to date. Its payload is currently set to encrypt nothing more than a 'test' directory on the infected PC, whose contents it blocks with an unknown encryption cipher. Malware analysts are verifying attacks against typical formats of media, such as JPG pictures, XLS spreadsheets, Adobe PDF documents and Word's DOCs, all of which also receive an additional 'protected' extension.

The filename tag is part of the Outsider Ransomware's ransoming tactic, which uses text messages for claiming that the PC's files are under encryption by a third party as a security measure for preventing their leaking. The Outsider Ransomware also asserts that the PC is suffering from a compromise via a conventional backdoor attack that could let criminals control the system or the rest of a local network, although no concrete backdoor functions are evident in its payload. This hoax, which represents the encryption as benign and the ransoming payment as a legitimate fee, is an unusual technique for persuading the victims into paying the criminal for the file unlocker.

Getting Inside the Outsider Ransomware's Campaign

While the Outsider Ransomware, which is Windows software, isn't a member of a family of note like Hidden Tear, most AV solutions are identifying it through heuristic threat-detection rulesets. Preventing infections should cover all of the notable infection vectors for file-locking Trojans, which include exploit kits running through your Web browser, mislabeled torrents (and other illicit downloading resources), brute-force attacks against server credentials, and spam e-mails. Any releases of the Outsider Ransomware into the wild will, almost definitively, encrypt more locations than the single directory that malware experts are confirming for the time being, with the desktop, downloads, and documents being in high danger.

Decrypting what the Outsider Ransomware locks may or may not be practical for the victims, who can contact trusted anti-malware researchers and organizations for their help. When doing so, the users should quarantine the Outsider Ransomware and preserve samples of anything associated with the infection vectors or the encrypted media. Preferably, their anti-malware programs will delete the Outsider Ransomware on sight and stop its payload before any data enciphering starts.
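As an added example (not part of the original article or of any vendor tool), the following Python sketch builds the kind of inventory a victim could hand to researchers: it finds files carrying the listed media extensions plus the extra tag, hashes them, and checks whether the original format's header survived. The literal suffix `.protected`, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: the appended extension is literally ".protected" (the article
# only says a 'protected' extension is added).
TAG = ".protected"
# Leading magic bytes of the formats the article lists (DOC/XLS are OLE2).
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF",
    ".doc": b"\xd0\xcf\x11\xe0",
    ".xls": b"\xd0\xcf\x11\xe0",
}


def inventory(root):
    """Return one record per '<name>.<media ext>.protected' file under root."""
    records = []
    for path in sorted(Path(root).rglob("*" + TAG)):
        original_ext = Path(path.stem).suffix.lower()  # extension before the tag
        if not path.is_file() or original_ext not in MAGIC:
            continue
        data = path.read_bytes()
        records.append({
            "path": str(path),
            "original_ext": original_ext,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            # A header that still matches means the file was only renamed.
            "header_intact": data.startswith(MAGIC[original_ext]),
        })
    return records


def demo():
    """Build a constructed sample tree and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        test_dir = Path(tmp) / "test"
        test_dir.mkdir()
        (test_dir / "photo.jpg.protected").write_bytes(b"\x13\x37" * 16)  # scrambled
        (test_dir / "report.pdf.protected").write_bytes(b"%PDF-1.4\n")  # renamed only
        (test_dir / "notes.txt").write_bytes(b"untouched")
        return [(Path(r["path"]).name, r["header_intact"]) for r in inventory(tmp)]


if __name__ == "__main__":
    for name, intact in demo():
        print(name, "header intact" if intact else "header altered")
```

The script only reads files, so it can be run against a quarantined copy of the affected directory without changing the samples.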

Malware researchers are finding some payments to the Outsider Ransomware's wallet, but these transactions aren't necessarily ransoms. Hopefully, a backup supported by all the usual network security precautions will keep its Bitcoin account from getting any fuller.
