
PewPew Ransomware

Posted: September 17, 2020

The PewPew Ransomware is a file-locking Trojan that blocks media on Windows computers and holds it hostage. Like most of its kind, the PewPew Ransomware includes multiple ransom notes for premium data recovery and changes any locked files' names. Users should always have backups on other devices for optimal recoveries and let trusted anti-malware products contain or delete the PewPew Ransomware when they identify it.

The Onomatopoeia that Incinerates Your Windows Work

With its genealogy doubtful, the Trojan calling itself PewPew Ransomware is open to speculation on how its threat actor created it or plans to distribute it in the wild. Its features, however, are clear to malware researchers and have all the hallmarks of a file-locking Trojan. Visually, this threat is more than a little similar to multiple Trojan families, including the Globe Ransomware, the Globe Imposter Ransomware and the Dharma Ransomware. Whether this resemblance is more than surface-level, only the campaign's admin knows.

Samples of the PewPew Ransomware available to malware researchers suggest the usual preference for a Windows environment, with multiple versions, including Windows 7 and 10, at risk. The Trojan's installer is slightly larger than the average one and uses packing for concealment from security products. Intriguingly, both some of its EXE details and payload symptoms contain the string 'abkir,' a possibly-Arabic term.

The PewPew Ransomware's essential feature is the non-consensual encryption routine: an attack that makes files unopenable by encrypting them. On a more superficial level, it also changes their names by adding extras, such as the 'abkir' word, its e-mail address, and a probably-unique ID string. Victims may find its ransoming instructions for buying a possible decryptor in both HTA and text files, the former of which looks highly similar to the previously-mentioned Trojan families' entries.
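As an added example (not part of the original article or of any vendor tooling), the renaming behaviour described above can be turned into a triage sweep that shows which folders need restoring from backup. The order and delimiters of the added name parts, the shape of the ID token, and all sample paths are assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Indicator named in the article: the string 'abkir' added to file names.
MARKER = re.compile(r"(?<![A-Za-z0-9])abkir(?![A-Za-z0-9])", re.IGNORECASE)
# The article says an e-mail address is added too; its value is not given.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# ASSUMPTION: the ID is an alphanumeric run of 6+ characters with a digit.
ID_TOKEN = re.compile(
    r"(?<![A-Za-z0-9])(?=[A-Za-z0-9]*\d)[A-Za-z0-9]{6,}(?![A-Za-z0-9])")

# Constructed sample listing, e.g. from a file-server inventory export.
SAMPLE = [
    r"C:\Users\a\Docs\budget.xlsx.id-1A2B3C4D.[help@example.com].abkir",
    r"C:\Users\a\Docs\notes_abkir_7f3a9c21.docx",
    r"C:\Users\a\Docs\note.hta",
    r"C:\Users\a\Pics\photo.jpg",
    r"C:\Users\a\Pics\abkir.txt",
]


def classify(path):
    """Return 'locked', 'suspect' or 'clean' for one Windows path."""
    name = PureWindowsPath(path).name
    if not MARKER.search(name):
        return "clean"
    if EMAIL.search(name):
        return "locked"      # marker plus e-mail address: strong match
    if ID_TOKEN.search(name):
        return "suspect"     # marker plus an ID-like token only
    return "clean"           # a bare 'abkir' alone is not enough to flag


def scope(paths):
    """Count flagged files per folder; list flagged folders holding an HTA."""
    hits, hta_dirs = Counter(), set()
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.suffix.lower() == ".hta":
            hta_dirs.add(str(wp.parent))
        elif classify(p) != "clean":
            hits[str(wp.parent)] += 1
    return hits, sorted(d for d in hta_dirs if d in hits)
```

Folders returned in the second value hold both flagged files and an HTA file, which makes them the first candidates for isolation and restore.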

Although malware researchers rate it unlikely that the PewPew Ransomware is a modern variant of Dharma Ransomware's Ransomware-as-a-Service, they have yet to determine whether or not the Trojan's encryption is breakable by victims without the criminal's decryption data.

Avoiding a Zap from Trojan Lasers

The PewPew Ransomware's threat actors monitor public threat databases, and they are likely to change infection strategies after any meaningful clues are revealed. Attackers may break into networks and hold files hostage by brute-forcing an admin's credentials but are just as likely to send targets e-mail attachments with disguises such as invoices. Malware researchers discourage illicit downloads for all home users and suggest turning off any high-risk features, including JavaScript, Java, Flash and Microsoft Office macros.

The PewPew Ransomware's encryption strength is wholly unknown, but most Trojans with file-locking features can hold the victim's files in perpetuity. Accordingly, a backup is especially crucial for a full recovery. Saving backups non-locally will offer additional protection against Trojans that include Restore Point-targeting attacks or similar features.

Reliable anti-malware programs are proving themselves up to the task of identifying file-locking Trojans, whatever their families are, and should remove the PewPew Ransomware appropriately.

The PewPew Ransomware is zapping files' data for a payout that no one can put a price on yet. Every user that pays only extends the life of this potentially-deadly weapon, which, in the wrong hands, can take whole computers' or servers' worth of media hostage.
