
Pico Ransomware

Posted: August 31, 2018

The Pico Ransomware is a variant of the file-locking Trojan Thanatos Ransomware, which encrypts the user's files and discards the key needed to unlock them. Free decryption solutions or, preferably, secure backups can restore any damage the Pico Ransomware causes, and malware experts strongly recommend against paying any ransoms. Have your anti-malware products delete the Pico Ransomware as soon as they detect it to keep any harm from coming to your media files.

The Greek Grim Reaper's New Alias

The file-locking campaign of the Thanatos Ransomware is notable as one of the most visible series of attacks that fakes the offer of a decryption service. While this threat does encrypt and lock files, it throws away the decryption key at the same time. Months later, another threat actor is following a similar pattern with a new nickname for the Trojan's update: the Pico Ransomware.

Since the Thanatos Ransomware is also available to the public as an open-source project, the identity of the threat actor remains a matter of speculation at the current time. The Pico Ransomware update uses the same AES-based routine for blocking the user's media and targets various media formats. The data types that malware experts warn are especially vulnerable to Pico Ransomware infections include 7Z and ZIP archives, Word documents, Excel spreadsheets, WAV audio files, GIF, PNG, and JPEG pictures, and AVI videos.
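As an added defender-side example (not from this article or from any decryptor project), the following Python flags files whose extension is in the list of targeted formats above but whose header no longer matches the format and whose content is near-random, which is what a file-locker's AES output looks like when the original name is kept. The signature table, the entropy threshold and the sample files are my own constructed assumptions; the article does not state how the Pico Ransomware renames files, so the check assumes names are unchanged.

```python
import math
import os

# Magic-byte signatures for the formats the article lists as targets
# (assumed table; Word/Excel documents are ZIP containers, so they share "PK").
MAGIC = {
    ".zip": [b"PK\x03\x04"], ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
    ".7z": [b"7z\xbc\xaf\x27\x1c"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".wav": [b"RIFF"], ".avi": [b"RIFF"],
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample; block-cipher output sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """True when a watched extension has lost its format header and the
    leading bytes are near-random. Intact archives are high-entropy too,
    so the header check is what separates them from ciphertext."""
    ext = os.path.splitext(name)[1].lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return False  # extension not in the watch list
    if any(data.startswith(s) for s in sigs):
        return False  # header intact, file not overwritten
    return shannon_entropy(data[:4096]) >= threshold

def scan(files):
    """Return the names of (name, bytes) pairs that look encrypted."""
    return [name for name, data in files if looks_encrypted(name, data)]

# Constructed samples: a healthy PNG, a healthy ZIP, a text file outside the
# list, and a "locked" PNG whose body is a uniform byte pattern (entropy 8.0,
# the same value real ciphertext approaches).
SAMPLES = [
    ("holiday.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 100),
    ("backup.zip", b"PK\x03\x04" + bytes(range(256)) * 4),
    ("notes.txt", bytes(range(256)) * 16),
    ("locked.png", bytes(range(256)) * 16),
]

if __name__ == "__main__":
    print(scan(SAMPLES))  # ['locked.png']
```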

The Pico Ransomware also displays a toned-down version of the most prominent ransom note from the Thanatos Ransomware that removes the ASCII artwork but keeps most of the text intact. The threat actor also uses a slightly different ransom demand that asks for one hundred USD in either Bitcoin or Ethereum. However, since the Thanatos Ransomware famously doesn't preserve any of the decryption data, any paying victims will gain nothing for their trouble.

Ending the Next Wave of Entropy that's Aiming at Your Files

Since the Thanatos Ransomware's original analysis, other entities in the cyber-security industry have cracked its encryption routine, and a free decryption utility is available. However, this program only supports a limited number of formats for unlocking and may require further updates for compatibility with the Pico Ransomware. Because decryption isn't guaranteed with many file-locking Trojans, malware experts recommend that users with significant media keep these files on secure backups for the fastest possible recovery.

How the Pico Ransomware infects a user's PC is an unknown factor in its campaign. Readers can protect themselves from most of the strategies that file-locker Trojans traditionally use, such as:

  • E-mail attachments may disguise the Pico Ransomware's installer, or a Trojan dropper for accomplishing the same end, as a safe download. Fake invoices, documents, news articles, and workplace-themed notices are some of the usual choices, and most anti-malware products should identify these threats, as long as you scan the file before opening it.
  • Exploit kits may run through your Web browser for installing the Pico Ransomware or other threats. Disabling vulnerable features such as JavaScript can remove many of these security loopholes, along with installing all patches promptly.
  • Threat actors sometimes compromise PCs via RDP settings and weak login credentials. Using strong, properly formed passwords will keep brute-force attacks from cracking your login combinations and giving a remote attacker the leeway to cause more problems.

Active and fully-patched anti-malware solutions should remove the Pico Ransomware automatically and keep its encryption feature from having a chance of damaging any files.

As the latest effort at using encryption to make money without helping any victims, the Pico Ransomware is a good case for pointing out why ransoms are a fool's game. Even if you pay the amount in full, the odds of getting even a single one of your files back are, as with most file-locker Trojans' campaigns, quite small.
