PewPew Ransomware

Posted: September 17, 2020

PewPew Ransomware Description

The PewPew Ransomware is a file-locking Trojan that blocks media on Windows computers and holds it hostage. Like most of its kind, the PewPew Ransomware includes multiple ransom notes for premium data recovery and changes any locked files' names. Users should always have backups on other devices for optimal recoveries and let trusted anti-malware products contain or delete the PewPew Ransomware when they identify it.

The Onomatopoeia that Incinerates Your Windows Work

With its genealogy doubtful, the Trojan calling itself PewPew Ransomware is open to speculation on how its threat actor created it or is planning on distributing it out in the wild. Sadly, malware researchers find its features clear, having all the hallmarks of a file-locking Trojan. This threat is more than a little similar to multiple Trojan families visually, including the Globe Ransomware, the Globe Imposter Ransomware and the Dharma Ransomware. Whether this fact is more than surface-level, only the campaign's admin knows.

Samples of the PewPew Ransomware available to malware researchers suggest the usual preference for a Windows environment, although multiple versions, including Windows 7 and 10, are at risk. The Trojan's installer is slightly larger than the average one and uses packing for concealment from any security products. Intriguingly, both some of its EXE details and payload symptoms contain the string 'abkir,' a possibly-Arabic term.

The PewPew Ransomware's essential feature is the non-consensual encryption routine: an attack that makes files non-openable by encrypting them. On a more superficial level, it also changes their names by adding extras, such as the 'abkir' word, its e-mail, and a probably-unique ID string. Victims may find its ransoming instructions for buying a possible decryptor in both HTA and text files, the former of which look highly similar to the previously-mentioned Trojan families' entries.

Although malware researchers rate it unlikely that the PewPew Ransomware is a modern variant of Dharma Ransomware's Ransomware-as-a-Service, they have yet to determine whether or not the Trojan's encryption is breakable by victims without the criminal's decryption data.

Avoiding a Zap from Trojan Lasers

The PewPew Ransomware's threat actors monitor public threat databases, and they may likely change infection strategies after revealing any meaningful clues. Attackers may break into networks and hold files hostage by brute-forcing an admin's credentials but are just as likely of sending e-mail attachments with disguises such as invoices to any targets. Malware researchers discourage illicit downloads for all home users and suggest turning off any high-risk features, including JavaScript, Java, Flash and Microsoft Office macros.

The PewPew Ransomware encryption strength is wholly unknown, but most Trojans with file-locking features can hold the victim's files in perpetuity. Accordingly, a backup is especially crucial for a full recovery. Saving backups non-locally will offer additional protection against Trojans that include the Restore Point-targeting attacks or similar features.

Reliable anti-malware programs are proving themselves up to the task of identifying file-locking Trojans, whatever their families are, and should remove the PewPew Ransomware appropriately.

The PewPew Ransomware is zapping files' data for a payout that no one can put a price on, yet. Every user that pays only extends the life of this potentially-deadly weapon, which, in the wrong hands, can take whole computers or servers' worth of media hostage.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to PewPew Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware PewPew Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.