
Peace Ransomware

Posted: November 4, 2020

The Peace Ransomware is a file-locking Trojan and an update to the Void Ransomware (or VoidCrypt Ransomware) family. Besides blocking files, the Peace Ransomware may disable some security features or delete local backup and diagnostic data. Windows users should back their work up onto other devices and have anti-malware products ready for removing the Peace Ransomware.

Another Glance at a Yawning Void of Data Loss

Although once tiny, the Void Ransomware or VoidCrypt Ransomware family is growing steadily, with variants caught in threat databases over weeks and months. The Peace Ransomware might be the latest one that malware analysts see. Still, its illicit way of doing business, and making a ransom from it, is the same as that of its ancestors: the Exploit Ransomware, the Lalaland Ransomware and the Spade Ransomware. Besides some supporting features, most of the Peace Ransomware's impact boils down to a single encryption feature and a pop-up.

The Peace Ransomware uses secure encryption for locking files – significantly, not just in media folders like Windows' Documents, but in most locations, including the base C drive and the Recycle Bin. The traditional extension it inserts as a mark of the attack includes the 'Peace' from its name and two other pieces of information: an e-mail address and an ID. These details are for victims considering the ransom payment, which the Peace Ransomware advertises in its ransom note.
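The marker described above can drive a quick triage of a file listing exported from an affected Windows machine, showing which folders were hit and which contact address was used. This is an added example, not code from the original article or from any vendor tool; the bracketed extension layout, the address and the ID in the sample are constructed, since the article does not give the exact format.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: the article gives no exact layout for the appended extension,
# only that it carries 'Peace', an e-mail address and an ID. Match on the
# e-mail plus a stand-alone 'Peace' token, in any order.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
PEACE_RE = re.compile(r"(?<![A-Za-z])peace(?![A-Za-z])", re.IGNORECASE)

def marker_email(filename):
    """Return the contact e-mail if the name carries the marker, else None."""
    email = EMAIL_RE.search(filename)
    if not email:
        return None
    # Look for 'Peace' outside the address so peace@... alone does not match.
    rest = filename[:email.start()] + " " + filename[email.end():]
    return email.group(0).lower() if PEACE_RE.search(rest) else None

def triage(paths):
    """Count marked files per parent folder and per contact e-mail."""
    folders, emails = Counter(), Counter()
    for path in paths:
        win_path = PureWindowsPath(path)
        email = marker_email(win_path.name)
        if email:
            folders[str(win_path.parent)] += 1
            emails[email] += 1
    return folders, emails

# Constructed file listing; the bracketed layout, address and ID are made up.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[contact@example.invalid][ID-CONSTRUCTED1].Peace",
    r"C:\Users\alice\Documents\notes.txt.[contact@example.invalid][ID-CONSTRUCTED1].Peace",
    r"C:\$Recycle.Bin\S-1-5-21-0\old.docx.[contact@example.invalid][ID-CONSTRUCTED1].Peace",
    r"C:\Users\alice\Documents\peace-treaty.pdf",     # benign: no e-mail
    r"C:\Users\alice\Mail\bob@example.invalid.eml",   # benign: no 'Peace'
    r"C:\Users\alice\Mail\peace@example.invalid.eml", # benign: 'peace' only in address
]

if __name__ == "__main__":
    folders, emails = triage(SAMPLE)
    for folder, count in folders.most_common():
        print(f"{count:3d} marked file(s) in {folder}")
    print("contact addresses seen:", ", ".join(emails))
```

The address extraction relies on the e-mail being delimited by characters that cannot appear in an address, as the brackets are in the constructed sample.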

The Peace Ransomware's pop-up ransom note is the same as other versions of the Void Ransomware, excepting different e-mails. It offers a two-day deadline before raising the price on the unlocking service and asks for Bitcoins.

Some additional effects that malware experts caution against in the Peace Ransomware infections include:

  • Deleted Restore Points and other backup data
  • Disabled server management tools
  • Disabled boot-up warnings

Such features help the Trojan avoid symptoms that might draw attention before it completes the attack and finalizes the 'hostage' situation with the victim's media. Also, the Peace Ransomware may block more than traditional media files, although the Windows OS shouldn't be directly affected.

Bringing Peace to Hard Drives with Their Files in Fluctuation

The Peace Ransomware family is a newcomer to the field of file-locker Trojans but just as effective at blocking files as any of the older competition. Its AES and RSA encryption method is secure and, without unexpected developments, will keep the user's files in a permanent lockout state. Users can regain their files from backups or risk the ransom for the threat actor's help.

Besides the explicit value of backups in these scenarios, malware researchers recommend taking all the usual steps that limit drive-by-downloads and similar attacks. Doing so will keep attackers from gaining access to their targets and either dropping the Peace Ransomware or tricking users into doing so for them. Features like JavaScript and Flash usually should be left off. Passwords should be strong enough to resist dictionary attacks, and users should be hesitant about enabling content in unusual e-mail attachments. Illicit torrents and outdated software also may figure into infection vectors in some cases.

Helpfully, most AV vendors provide solutions that detect and block these threats. Users with proper, ideally up-to-date security products can depend on those services for intercepting installation exploits or removing the Peace Ransomware as soon as possible.

Still, all the cleanup tools in the world can't cover up the damage that Trojans like the Peace Ransomware will wreak with just a little time on their hands. As Void Ransomware's family grows in numbers, it adds its voice to the refrain: back one's media up or lose it to extortionists.
