
Ranssiria Ransomware

Posted: April 23, 2018

The Ranssiria Ransomware is a variant of the WannaPeace Ransomware, a Trojan that locks your files with encryption while asking for ransoms for the unlocking solution. Unlike the first Trojan, the Ranssiria Ransomware uses a slightly different method of concealing its attacks and themes its ransoming components as being a supposed donation service for alleviating the Syrian refugee crisis. Users should continue backing up their files, rejecting the extortion instructions, and using anti-malware products for uninstalling the Ranssiria Ransomware securely.

Trojans Putting a Price on Peace

A new version of the WannaPeace Ransomware is starting to see finalized development and some live traffic through its Web-facing ransoming components, which use sympathy over the turmoil in Syria to generate money. The variant in question, the Ranssiria Ransomware, may or may not be actively deployed, but it has a workable data-encrypting routine, which its authors conceal behind a fake Word screen. This change from the WannaPeace Ransomware's PDF-based tactic suggests that the threat actors are using Word documents, such as e-mail attachments, to compromise their victims.

The Ranssiria Ransomware uses a version of Portuguese that suggests it is attacking Brazilians, similarly to the WannaPeace Ransomware. While the Ranssiria Ransomware opens the distracting DOC text file, it also searches for documents, pictures, and other media to encrypt and lock. The second half of its payload transitions to displaying a warning screen that includes a timer, a variety of content that exploits sympathy for Syrian refugees, and a set of Litecoin ransoming instructions.

The Ranssiria Ransomware is neither the only Trojan to solicit Litecoin payments nor the first one to use Syrian politics for extortionist goals. Hidden Tear's Trojan Syria Editi0n Ransomware and the Popcorn Time Ransomware are two other examples, besides the original WannaPeace Ransomware, of similar file-locker Trojans capable of abusing political themes for their threat actors' profits.

Keeping Your Files from Being Pulled into a Syrian Conflict

The multiple social engineering exploits that the Ranssiria Ransomware employs for hiding its intentions and technical features aren't highly innovative but may be efficient at causing its victims to pay before considering the reality behind its campaign. Because there is no current decryptor freely available for either the Ranssiria Ransomware or the original WannaPeace Ransomware, users should keep backups that preserve their files from localized, data-encrypting attacks. Windows does store Shadow Copies, and not all file-locking Trojans erase them, but they are an unreliable means of restoring digital media in these circumstances.

Spam e-mail is one of the top means by which file-locking Trojans like the Ranssiria Ransomware compromise their victims' PCs, but not the only method that's available. Other strategies may use bundling with torrents, exploit kits that install software automatically, or even brute-force attacks against a specific server or network. Minding your network's security settings, updating all of your software, and allowing your anti-malware tools to detect and delete the Ranssiria Ransomware preemptively remain the most relevant forms of defense.

Giving the Ranssiria Ransomware the cryptocurrency that it wants doesn't help Syrian refugees, and may not even get you your files back. There are no guarantees with Trojan attacks, which is why taking steps for protecting your work beforehand is vital for maintaining peace on your hard drive.
