
Princess Evolution Ransomware

Posted: August 14, 2018

The Princess Evolution Ransomware is an update of the Princess Locker Ransomware, a Ransomware-as-a-Service threat that locks your files and demands money for them. Its affiliate program lets different threat actors distribute it however they prefer, although some strategies, such as spam e-mails, are more likely than others. Since the current version's encryption cannot be decrypted with free tools, all users should keep backups of their files for restoring and use anti-malware programs to remove the Princess Evolution Ransomware proactively.

Trojan Royalty Gets Fancier than Ever

RaaS, or Ransomware-as-a-Service, is still booming, with new versions of the Scarab Ransomware, the Globe Ransomware, and the Crysis Ransomware continuing to represent a considerable proportion of the 'market' for file-locker Trojans. One small but effective family, the Princess Locker Ransomware, is also receiving updates to keep it competitive, along with a brand change to the Princess Evolution Ransomware. Although its encryption feature is untouched, malware experts are observing a streamlining of its network communications that could reduce the Princess Evolution Ransomware's footprint.

The Princess Evolution Ransomware, just like the last version of the Princess Locker Ransomware, can use XOR and AES encryption to lock various file formats, such as pictures, documents and other media. The Princess Evolution Ransomware uploads the keys that it generates during this attack to a remote server under the threat actor's control. A notable difference between the Princess Evolution Ransomware and the early version of the family is that this build switches to UDP for its C&C uploads, which include both those keys and other system information, such as a list of all installed security programs.
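The UDP command-and-control channel described above is a detection opportunity: on a workstation, legitimate outbound UDP is mostly DNS, NTP and a handful of known services, so outbound UDP to an external host on an unexpected port, especially when several hosts talk to the same endpoint, stands out. The following detector is an added example written for this page, not code from the original write-up or from any vendor product; the flow log lines, the internal network ranges and the list of expected UDP ports are all constructed assumptions that an analyst would replace with their own telemetry and baseline.

```python
"""Flag outbound UDP flows that look like an unexpected C&C channel.

Added example (not from the original page). The write-up describes key and
system-information uploads over UDP, so this baselines the UDP destination
ports a workstation is expected to use and aggregates everything else that
leaves the internal network. All flow records below are constructed.
"""
import ipaddress
from collections import defaultdict

# Constructed flow records: timestamp src_ip dst_ip proto dst_port bytes
SAMPLE_FLOWS = """\
2018-08-14T10:00:01 10.0.0.5 10.0.0.2 UDP 53 78
2018-08-14T10:00:02 10.0.0.5 10.0.0.2 UDP 53 81
2018-08-14T10:00:05 10.0.0.5 203.0.113.9 UDP 123 76
2018-08-14T10:01:10 10.0.0.5 198.51.100.77 UDP 6688 1460
2018-08-14T10:01:11 10.0.0.5 198.51.100.77 UDP 6688 1460
2018-08-14T10:01:12 10.0.0.5 198.51.100.77 UDP 6688 912
2018-08-14T10:02:00 10.0.0.6 10.0.0.2 UDP 53 70
2018-08-14T10:02:30 10.0.0.6 198.51.100.77 UDP 6688 1460
2018-08-14T10:03:00 10.0.0.7 192.0.2.44 TCP 443 5230
"""

# Assumed baseline: UDP ports a workstation is expected to talk to
# (DNS, DHCP, NTP, NetBIOS, QUIC, IKE, SSDP, mDNS). Tune per environment.
EXPECTED_UDP_PORTS = {53, 67, 68, 123, 137, 138, 443, 500, 1900, 5353}

# Assumed internal address space; anything outside it is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_flow(line):
    """Split one constructed flow record into a dict with typed fields."""
    ts, src, dst, proto, port, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "dport": int(port), "bytes": int(nbytes)}


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_suspicious_udp(log_text, min_bytes=256):
    """Aggregate outbound UDP to external hosts on unexpected ports.

    Returns {(src, dst, dport): {"flows": n, "bytes": total}} for every
    tuple that moved at least min_bytes in total; tiny one-off datagrams
    are dropped to cut noise.
    """
    agg = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["proto"] != "UDP" or f["dport"] in EXPECTED_UDP_PORTS:
            continue
        if not is_external(f["dst"]):
            continue
        key = (f["src"], f["dst"], f["dport"])
        agg[key]["flows"] += 1
        agg[key]["bytes"] += f["bytes"]
    return {k: v for k, v in agg.items() if v["bytes"] >= min_bytes}


def shared_destinations(findings):
    """Group findings by (dst, dport) and keep endpoints contacted by more
    than one internal host: a stronger signal of a shared C&C than a single
    host's odd traffic."""
    by_dst = defaultdict(set)
    for src, dst, dport in findings:
        by_dst[(dst, dport)].add(src)
    return {k: v for k, v in by_dst.items() if len(v) > 1}


if __name__ == "__main__":
    hits = find_suspicious_udp(SAMPLE_FLOWS)
    for (src, dst, dport), stats in sorted(hits.items()):
        print(f"{src} -> {dst}:{dport}/udp  flows={stats['flows']} bytes={stats['bytes']}")
    for (dst, dport), srcs in shared_destinations(hits).items():
        print(f"shared endpoint {dst}:{dport}/udp contacted by {sorted(srcs)}")
```

On the constructed sample the NTP and DNS traffic is filtered out, the TCP flow is ignored, and the two hosts uploading to the same external UDP port are reported both individually and as a shared endpoint. In production the port baseline should be learned from a quiet period rather than hard-coded, and the findings fed to the same pipeline that alerts on the host's process creations, since a UDP beacon alone does not say which program sent it.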

This file-locker Trojan also runs a Tor-based website for handling the Bitcoin ransom transactions, through which the threat actors sell their decryption help for unlocking your files. This new version of the site uses formatting similar to that of the (technically unrelated) Cerber Ransomware campaign and asks for a ransom of 0.12 BTC (or 735 USD) that rises according to a ten-day timer. Although the early versions of this Trojan family are decryptable with free services, malware experts note that the Princess Evolution Ransomware's encryption is comparatively secure and unlikely to be cracked by a third party.

The Princess in Charge of a Mining Expedition

While the authors market it to affiliate criminals on Russian-language dark Web forums, the Princess Evolution Ransomware is also live and in distribution. Malware researchers have found at least one case in which the Princess Evolution Ransomware's installation chain, a combination of malicious advertising and the RIG Exploit Kit, also bundles a separate threat: a cryptocurrency-mining Trojan. Cryptocurrency miners abuse the infected PC's hardware to mine coins into an unauthorized third party's account and have the potential to cause permanent, overheating-based damage.

A Bitcoin miner Trojan can cause system instability and abnormal use of resources such as the CPU, whereas a file-locker Trojan like the Princess Evolution Ransomware has even more visible symptoms, such as your media files no longer opening. Creating backups on secure devices keeps your files safe for restoring after a Trojan infection has been dealt with. Many credible anti-malware programs are also capable of deleting the Princess Evolution Ransomware safely, stopping any further encryption attacks.
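Backups only help if they are known to be intact before they are needed, and a backup volume that a file-locker reached will fail silently at restore time. A simple way to check is to record a hash manifest of the backup tree when it is written and verify it periodically, so that files that changed, vanished or appeared unexpectedly are reported. The script below is an added example written for this page, not part of the original write-up or any product; the directory layout, file contents and the "modified after snapshot" scenario in `demo()` are constructed in a temporary directory so it runs offline.

```python
"""Hash-manifest integrity check for an offline backup tree.

Added example (not from the original page). Builds a SHA-256 manifest of
every file under a backup root and later verifies it, returning the files
that were modified, went missing, or appeared without being in the manifest.
The scenario in demo() is constructed inside a temporary directory.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path (always '/'-separated) -> sha256 for every regular file."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree under root against a stored manifest.

    Returns {"modified": [...], "missing": [...], "unexpected": [...]} with
    sorted relative paths. An empty result in all three lists means the
    backup still matches what was recorded.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario: snapshot a small tree, then alter it and verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "report.txt"), "w") as f:
            f.write("quarterly numbers\n")
        with open(os.path.join(root, "photo.jpg"), "wb") as f:
            f.write(b"\xff\xd8\xff" + b"x" * 100)

        # Serialise the manifest as it would be stored beside (not inside) the backup.
        stored = json.dumps(build_manifest(root))
        manifest = json.loads(stored)

        # Simulate damage after the snapshot: one file overwritten with other
        # bytes, one deleted, one new file dropped into the tree.
        with open(os.path.join(root, "docs", "report.txt"), "wb") as f:
            f.write(b"\x00\x9a\x7f" * 40)
        os.remove(os.path.join(root, "photo.jpg"))
        with open(os.path.join(root, "unexpected.txt"), "w") as f:
            f.write("not in manifest\n")

        return verify_manifest(root, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the manifest itself off the backup medium, or sign it, since an attacker who can rewrite the backup can rewrite a manifest stored next to it. Running the verification on a schedule, and doing a test restore of a sample of files, is what turns "we have backups" into a recovery plan that will actually work after an infection like this one.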

The exploit-kit-based attacks that drop the Princess Evolution Ransomware are likely only the beginning of a series of future issues involving this RaaS family. PC users browsing the Web should remember that when criminals work under affiliate models, the result can be a multitude of new ways for Trojans to get onto your computer.
