
Ransomnix Ransomware

Posted: August 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 94
First Seen: August 24, 2017
Last Seen: February 11, 2019
OS(es) Affected: Windows

The Ransomnix Ransomware is a Trojan that encrypts your media, specializing in website database files, to hold it for ransom. Threat actors currently demand payment within one week in a cryptocurrency that isn't refundable without their permission, and malware experts recommend using any other recovery options available to you. Use responsible password management and keep anti-malware products available for identifying and removing the Ransomnix Ransomware if it tries to install itself through a hidden or misrepresented file.

Blogs at Risk of Ransom

Although the ransom money to collect from such targets remains relatively meager in comparison to targets like a nation's energy sector, bloggers regularly reappear in the sights of threat actors who specialize in data-enciphering attacks. Trojans like the Crypt12 Ransomware, the EV Ransomware, and, as of the twenty-first of August, the Ransomnix Ransomware, all make money by holding entire blog sites hostage. This file-encoding software is often introduced and launched by con artists who've already gotten manual access to a website's administrative account.

Prior reports by malware experts confirm the compromise of at least one previously uncompromised domain, a blog for personal health, although the means of account hijacking remains unreported. Threat actors are most likely using brute-force techniques to break the password and user name combinations of the target accounts, which is especially potent against passwords that are short, simple, or commonly used (such as 'admin1' or 'password123'). The remote attacker can then download and run the Ransomnix Ransomware on the server.
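Brute-force guessing of an administrative login, the likely entry vector described above, leaves a recognisable trail in the web server's access log: a burst of failed POSTs to the login endpoint from one address, sometimes followed by a success. The following detector is an added example, not code from the original article or from the Ransomnix Ransomware itself; it assumes a combined-log format and an admin endpoint at /admin/login (both assumptions), and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/admin/login"      # assumption: the blog's admin login endpoint
WINDOW = timedelta(minutes=5)    # failures are counted within this sliding window
THRESHOLD = 5                    # failures per window that count as a brute-force burst

# Constructed sample lines in combined-log format; IPs come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Aug/2017:10:00:01 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Aug/2017:10:00:02 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Aug/2017:10:00:03 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Aug/2017:10:00:04 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Aug/2017:10:00:05 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [21/Aug/2017:10:00:06 +0000] "POST /admin/login HTTP/1.1" 302 0
198.51.100.4 - - [21/Aug/2017:10:03:00 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.4 - - [21/Aug/2017:10:03:20 +0000] "POST /admin/login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None   # skip lines that are not in combined-log format
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path"), int(m.group("status"))

def find_bruteforce(lines, login_path=LOGIN_PATH, window=WINDOW, threshold=THRESHOLD):
    """Map flagged IPs to their peak failure count and whether a login later succeeded."""
    recent = defaultdict(list)   # ip -> timestamps of failed logins still inside the window
    flagged = {}
    for rec in filter(None, map(parse_line, lines)):
        ip, ts, method, path, status = rec
        if method != "POST" or path != login_path:
            continue
        if status in (401, 403):
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after_burst": False})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
        elif status in (200, 302) and ip in flagged:
            # A success right after a burst of failures is the signature of a guessed password.
            flagged[ip]["success_after_burst"] = True
    return flagged
```

An IP flagged with `success_after_burst` set is the case to treat as an account takeover: rotate that account's password immediately and review what the session did afterwards.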

The Ransomnix Ransomware encrypts all website database-related file formats and replaces the landing page with a custom one. The new page, which is visible to any visitor, displays a ransom demand for Bitcoin payments to decode and recover your site's pages. The threat actors also impose a time limit of one week and claim to increase the cost daily, although malware experts also noted that some of the message's custom values are blank placeholders.

Stopping the Extortion that Starts at Your URL

Always change passwords and related security data for any account as soon as possible after detecting a potential compromise. Unique passwords with more characters and significant variance (such as numbers and mixed case) are less vulnerable than simpler ones to brute-force-based attacks that could give a con artist control over the account. While the Ransomnix Ransomware has no features meant to seed the website itself with unsafe content or otherwise harm the site's traffic, threat actors deploying it could undertake other actions outside of this article's subject matter.

Malware experts have yet to confirm the Ransomnix Ransomware's boast of using RSA-2048 encryption and recommend having backups to keep your data safe from any attacks for which no free decryption is available. Samples also may be submitted to any appropriate security researchers with a history of providing freeware solutions to similar threats like the Hidden Tear and the Globe Ransomware families. Keep your backups inaccessible, or accessible only via a protected login, to avoid any deletion or encoding risks, and use conventional anti-malware products for removing the Ransomnix Ransomware or isolating it.

Most blogs are low-hanging fruit that tempts threat actors into targeting them because of improper security practices. A bad password and the lack of a backup schedule are poor habits that usually do not matter until the point where con artists capitalize on them and cash out via the Ransomnix Ransomware and Trojans just like it.
