Home Malware Programs Ransomware Peet Ransomware

Peet Ransomware

Posted: November 13, 2019

The Peet Ransomware is a file-locking Trojan from the STOP Ransomware family. The Peet Ransomware can encrypt media files on your PC and block them indefinitely while offering a ransom-based unlocking service. Users should have backups for recovering as necessary, although any high-quality anti-malware product should identify the Trojan as a threat and delete the Peet Ransomware automatically.

Piping Hot Threats Fresh Off the Presses

Ransomware-as-a-Service never stops at just one Trojan – but rather, is a business that functions through a proliferation of innumerable variants. While some of this output consists of copy-and-paste threats without much to tell the difference between them besides their names, others have notable updates to cryptography or other features. Malware experts have yet to ascertain whether the Peet Ransomware fits into the first or second of these classes, but its peril to media is self-explanatory.

The Peet Ransomware is a part of the RaaS family known as the STOP Ransomware (or the Djvu Ransomware, according to one of its earliest samples). The Windows-based threat may circulate throughout any part of the world, although Southeast Asia is at the highest state of risk through torrents, unsafe server configurations, and other security issues. Delivery methods using falsely-named e-mail attachments or 'warez,' such as game keygens, are commonplace particularly.

Malware researchers remain confident in the following features being present in the Peet Ransomware:

  • The Peet Ransomware may lock documents, pictures, and other media formats with the AES and RSA encryptions. The latter can be dynamic or static, depending on its connection to the RaaS server.
  • The Peet Ransomware adds 'peet' extensions, along with related ransoming data, to the names of these blocked files.
  • The Peet Ransomware creates TXT ransom notes with demands for contacting the threat actor via a family-specific e-mail address.
  • The Peet Ransomware may block websites by modifying the Windows Hosts file and redirecting IP addresses.
  • The Peet Ransomware may install other threats, such as the AZORult spyware that collects passwords.

The Trojan also contains precautions against default backups that would circumvent its ransoming attempt, such as the Restore Points.

Helping the Peet Ransomware Peter Out

Attacks by the Peet Ransomware are problematic for global, corporate entities, small businesses and their websites, and casual PC users at the individual level. In all cases, users can best protect their files by preserving backups that the Peet Ransomware can't delete through the standard CMD system commands. In this respect, removable devices, NAS, and cloud storage are useful counters.

Users should, however, also attend to vulnerabilities that invite file-locking Trojans' attacks. Using strong passwords will prevent attackers from brute-forcing their way into systems, installing patches will cut out software vulnerabilities, and disabling features like JavaScript, Flash, and document macros also is helpful. Game cracks and other, illicit software also are typical disguises for file-locking Trojans from the STOP Ransomware family, a la Kuub Ransomware, Meka Ransomware, Seto Ransomware or Werd Ransomware.

Another weakness in the Peet Ransomware's family is their inadequate evasion mechanisms versus PC security services. Most anti-malware programs include threat entries for the STOP Ransomware and should delete the Peet Ransomware virtually instantly.

Making a little money isn't a bad thing unless it's through taking advantage of others. For the Peet Ransomware and Trojans like it, extortion is more than a lifestyle – it's a business and one that no one should participate in, even from the ransom-paying end.

Related Posts