
Pants Ransomware

Posted: August 21, 2020

The Pants Ransomware is a file-locking Trojan that's part of the Globe Imposter Ransomware, a Ransomware-as-a-Service family. A secured and non-local backup is the ideal recovery solution to attacks by this family and other RaaSes, which can hold documents and other media as permanent hostages. Reliable anti-malware utilities will also remove the Pants Ransomware without requiring significant user assistance.

Experiencing the Irreverent Side of Trojan Campaigning

The Globe Imposter Ransomware is sticking it out in an increasingly constricted industry of file-locking Trojan families that vie for attention among criminals with Trojan campaigning know-how. However, the interest that these illicit businesses garner isn't always from the most professional or well-trained attackers. The Pants Ransomware is a recent member of this Ransomware-as-a-Service, and its details suggest an almost playful side to extortion.

As with other versions of the Globe Imposter Ransomware (see: the CCHH Ransomware, the Taargo Ransomware, the '.Gif File Extension' Ransomware, or the '.SKUNK File Extension' Ransomware), the Pants Ransomware has a standardized and well-polished payload. It uses secure encryption to block files, particularly documents, images, and other media that might be valuable to the user. Once it finishes, it marks each 'prisoner' file with a custom extension from its campaign and creates a ransom note. The latter, an HTML page, abides by a template that this family and related ones (the Globe Ransomware and the Dharma Ransomware) often use, and gives mostly generic text, besides an e-mail for contacting the threat actor.

The hiring threat actor has customized the few elements of this RaaS under his control with unusual and semi-joking choices. The Pants Ransomware names its ransoming instructions with profanity, has the random selection of 'pants' as its extension, and has a thematically distinct (possibly, a music or comic book reference) e-mail address. The result is a Trojan that, while attacking similarly to any Ransomware-as-a-Service, shows an attitude that's reminiscent of 'freeware' Trojans like Hidden Tear or the Jigsaw Ransomware.

A Shield Betraying Its Wielder

Victims should withhold any ransom payments they're considering, if possible. Many threat actors provide unreliable or fake decryption assistance and demand ransoms through channels that lack suitable refund protections. As a rule, malware experts insist on backups on separate devices as a preferable and always-dependable solution for saving files.

File-locking Trojans from these illicit businesses are notable for the flexibility of their distribution models, which vary according to the whims and talents of third parties. Malware researchers find some versions of the Pants Ransomware using a 'Netshield' disguise, which implies that the Trojan's distribution comes from fake anti-virus and cyber-security products. Users should avoid unknown websites for downloads, if possible, and otherwise scan their new downloads before opening them. Other precautions, such as using visible extensions, turning off JavaScript, and having strong network passwords, are also highly relevant.

Reliable anti-malware products for Windows systems will protect most PCs and block infection exploits from most channels. They can also disinfect PCs and remove the Pants Ransomware installations, but cannot unlock or decrypt any files.

The Pants Ransomware is a buffoonish and vulgar Trojan, but just as hostile to files' data as any straight-faced creation from the Crysis Ransomware's Trojan-engineering kit. Assailants aren't always solemn in demeanor, and anyone on Windows should take this Trojan, and their backups, deadly seriously.
