Organized cybercrime groups often explode new malware products that could be added to their arsenal. Recently, cybersecurity experts identified a new file-locker called Quoter Ransomware that appears to be linked to the group of criminals behind the RTM Banking Trojan, a threat that displayed remarkable activity in 2020. The Quoter Ransomware is used in combination with the RTM Banking Trojan in attacks that have been taking place since December 2020. The criminals are targeting Russian companies operating in the transport and finance industries, and they usually approach them via cleverly-tailored spear-phishing emails.
The Quoter Ransomware is used as a backup payload in these attacks. The criminals first try to use the RTM Banking Trojan to extract data from the infected system. If their attempt proves to be unsuccessful, they proceed to drop the Quoter Ransomware, which is then used to encrypt the victim's data. After this task is completed, the Quoter Ransomware behaves just like typical file-encryption Trojans – it drops a ransom note extorting the victims for money. The attackers are relying on two extortion types:
- They tell victims that their data is impossible to recover, and they can only recover it through a decryption tool supplied by the attackers.
- They claim to have collected some of the victim's files and threaten to publish them online if the victim does not pay a ransom fee.
It is important to add that the ransom fee, which Quoter Ransomware's creators demand is not ordinary at all. Typically, victims of ransomware attacks are asked to pay a few hundred or a few thousand dollars via Bitcoin, but the Quoter Ransomware is reported to ask for over a million dollars that must be paid via a cryptocurrency transfer. So far, no companies have agreed to pay the ludicrous ransom amount, and, thankfully, the RTM gang has not yet published any collected data online.
Cybercrime gangs are always looking to expand their operations by including new payloads and attack methods, and their potential targets must take the necessary measures to keep their networks protected. The RTM Banking Trojan and the Quoter Ransomware attacks are preventable with the use of suitable security software suites, as well as by ensuring that all company employees are complying with the best safe Web browsing security practices.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Quoter Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.