
Predator Ransomware

Posted: July 17, 2018

The Predator Ransomware is a file-locking Trojan that can keep your media from opening by encrypting it. The Predator Ransomware accompanies these attacks with messages demanding ransom payments for its threat actor's decryption help. Have your anti-malware program remove the Predator Ransomware whenever a detection occurs, and keep backups on other devices to prevent long-term data loss from harmful encryption.

A New Predator is on the Prowl

A Trojan that many AV solutions are identifying as a variant of the Razy Ransomware is just beginning another campaign of locking files on its victims' computers until they pay Bitcoin ransoms. While the low cost of the decryptor indicates that casual PC owners are the likely targets, malware experts can't confirm any of the current infection vectors for this threat, the Predator Ransomware. Its attacks, like those of most file-locker Trojans, are targeting English speakers.

The Predator Ransomware uses an unknown cipher for encrypting the files on the Windows systems that it infects and is most likely to lock documents, pictures, archives, and other, 'disposable' media formats. The Trojan also appends '.predator' extensions to their names afterward, and may or may not remove the original extension (leaving either 'tree.jpg.predator' or 'tree.predator'). As usual, trying to open these files without decrypting them gives a generic error, since the application is unable to interpret the data.

The ransom note that the Predator Ransomware creates is one that malware researchers aren't tracing back to any other campaigns, such as those of the many Hidden Tear, Globe Ransomware, or Jigsaw Ransomware variants. The threat actor is collecting ransoms of one hundred dollars in Bitcoin, and the associated account has over a thousand dollars from its campaign to date. Since Bitcoin refunds require consent from both parties and have no legal protections from fraud, paying the ransom for unlocking your files should be reserved as a last resort, if considered at all.

Taking Your Files Out of the Predator Ransomware's Hunting Grounds

The Predator Ransomware's executable is typical for a file-locker Trojan: it's a Windows application of less than a megabyte, and threat actors could distribute it with drive-by downloads, spam e-mails or brute-force attacks. Carefully chosen login and password credentials can hamper the efficiency of brute-force hacking software, and having traditional anti-malware protection can help detect Trojan droppers, which can embed themselves inside otherwise ordinary documents or use false extensions.

Cyber-security researcher Michael Gillespie is offering his assistance with analyzing further samples of the Predator Ransomware to determine whether developing a decryption tool is plausible. Other ways of recovering your locked files depend on having backups, especially ones that the user hasn't saved to local sources that the Trojan could delete or encrypt. Most anti-malware programs should experience no problems with removing the Predator Ransomware, even though many brands are detecting it with non-specific heuristics.
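For recovery planning, the two naming patterns described earlier ('tree.jpg.predator' versus 'tree.predator') matter when matching locked files against a backup listing. The following is an added example, not code from the original article or any vendor tool; the function names, the sample folder tree and the backup listing are constructed for illustration.

```python
import os
import tempfile
from pathlib import PurePosixPath

LOCKED_EXT = ".predator"  # extension the article says the Trojan appends

def find_locked(root):
    """Walk root; return sorted relative POSIX-style paths ending in LOCKED_EXT."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def original_candidates(locked_rel, backup_paths):
    """Return backup paths that could be the pre-encryption copy of locked_rel.

    If the original extension was kept ('tree.jpg.predator'), the backup name
    is an exact match. If it was dropped ('tree.predator'), every backup in the
    same folder with the same stem is a candidate for manual review.
    """
    p = PurePosixPath(locked_rel)
    if p.suffix.lower() != LOCKED_EXT:
        return []
    inner = p.with_suffix("")  # name with '.predator' stripped
    exact = [b for b in backup_paths if PurePosixPath(b) == inner]
    if exact:
        return exact
    return sorted(b for b in backup_paths
                  if PurePosixPath(b).parent == inner.parent
                  and PurePosixPath(b).stem == inner.name)

def restore_plan(root, backup_paths):
    """Map each locked file to candidate backups; an empty list means none found."""
    return {rel: original_candidates(rel, backup_paths) for rel in find_locked(root)}

def demo():
    # Constructed sample tree and backup listing, not data from a real infection.
    backup = ["docs/tree.jpg", "docs/report.docx", "docs/report.pdf", "notes.txt"]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ["docs/tree.jpg.predator", "docs/report.predator",
                    "docs/lost.predator", "notes.txt"]:
            open(os.path.join(root, rel), "wb").close()
        return restore_plan(root, backup)

if __name__ == "__main__":
    for locked, candidates in demo().items():
        print(locked, "->", candidates or "NO BACKUP")
```

Files that map to an empty list are the ones with no offline copy and are worth preserving in case a decryption tool becomes available.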

The Predator Ransomware's campaign is new to the Trojan industry but is already responsible for collecting four digits' worth of currency for its author. Developing a file-locking Trojan is far from hard, but, fortunately, neither is remembering to back your files up occasionally.
