reter@keemail.me Ransomware

Posted: August 3, 2018

The reter@keemail.me Ransomware is a new variant of the CryptConsole v3 Ransomware, a family of file-locker Trojans. It can change the filenames of media, such as documents, and encrypt their file data to block other programs from reading them. Free decryption software and backups are the two best ways of restoring any files, although users should always have an appropriate anti-malware product uninstall the reter@keemail.me Ransomware first.

The Third Build of a Trojan Gets Popular with Criminals

One of the most remarkable updates to the CryptConsole Ransomware family, the CryptConsole v3 Ransomware version, is proving more than viable for threat actors who are interested in locking files in return for ransom money. On the heels of the mirey@tutanota.com Ransomware, malware experts are confirming another variant of the same Trojan, the reter@keemail.me Ransomware. Insufficient samples are available for determining any additional modifications of the original code, and the reter@keemail.me Ransomware's edits may be limited to nothing more than the swapping of the e-mail address.

The reter@keemail.me Ransomware's executable may be dropped through manual backdoor attacks after a remote attacker takes control of the system through the Remote Desktop Protocol, a standard Windows feature. Malware experts advise monitoring any at-risk systems for unusual RDP changes or the presence of fake Windows update executables, the latter of which are a hallmark of the reter@keemail.me Ransomware's family. A successful installation leads to a file-locking encryption attack.

The reter@keemail.me Ransomware's attacks may target locations like the "downloads" folder, or file formats such as PDFs, DOCs, XLS spreadsheets, MP3 audio or CAD modeling designs. Although the earliest versions of the CryptConsole family have no encryption feature, the reter@keemail.me Ransomware uses the updated release, which encrypts and blocks these files indefinitely. It also drops Notepad TXT notes that tell the user to pay a ransom to buy the criminal's decryption service.

Making Sure that the Third Time's not the Charm with Extortion

Paying a criminal's ransom always comes with an associated danger: not getting anything in return for it, since file-locker Trojans specialize in payment methods (such as vouchers or cryptocurrencies) with little to no refundability. Thankfully, the cyber-security industry is providing a free decryption program for CryptConsole v3 Ransomware variants like the reter@keemail.me Ransomware. Malware researchers also strongly advise copying your media to devices that Trojans can't encrypt or erase, such as a DVD, USB or cloud server.

Some protections against file-locking Trojan campaigns like those of the reter@keemail.me Ransomware include:

  • Network administrators should use login credentials with low risks for compromise, and always change brute-forcible or default passwords.
  • Users browsing the Web should disable potentially dangerous content on any sites that they don't trust, particularly JavaScript, Flash, and other content that exploit kits can abuse in a drive-by-download attack.
  • Unexpected e-mail attachments, as a significant infection vector for file-locker Trojans, should always receive full scans from an appropriate anti-malware program.
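
The RDP monitoring advice earlier on this page and the brute-forcible-password item in the list above can be combined into one log check: repeated failed logons from a single address followed by a successful RDP session. The Python below is an added example, not code from this article or from any vendor; it assumes Security log events exported into dictionaries with the hypothetical field names shown, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
REMOTE_INTERACTIVE = 10        # LogonType of an RDP session
NETWORK = 3                    # LogonType often logged for failed RDP logons when NLA is on

def rdp_guess_then_login(events, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per RDP logon that follows >= threshold failed
    logons from the same source address inside the time window."""
    failures = defaultdict(list)           # source address -> failure times
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == FAILED and ev["logon_type"] in (NETWORK, REMOTE_INTERACTIVE):
            failures[ev["ip"]].append(when)
        elif ev["id"] == SUCCESS and ev["logon_type"] == REMOTE_INTERACTIVE:
            recent = [t for t in failures[ev["ip"]] if when - t <= window]
            if len(recent) >= threshold:
                alerts.append({"ip": ev["ip"], "user": ev["user"],
                               "failures": len(recent), "logon": ev["time"]})
            failures[ev["ip"]].clear()     # count afresh after a logon
    return alerts

# Constructed sample data: six failures in one minute, then an RDP logon,
# plus an ordinary user who mistyped a password once.
SAMPLE = [{"time": f"2018-08-01T02:10:{s:02d}", "id": FAILED, "logon_type": NETWORK,
           "ip": "203.0.113.50", "user": "administrator"} for s in range(0, 60, 10)]
SAMPLE += [
    {"time": "2018-08-01T02:13:00", "id": SUCCESS, "logon_type": REMOTE_INTERACTIVE,
     "ip": "203.0.113.50", "user": "administrator"},
    {"time": "2018-08-01T09:00:00", "id": FAILED, "logon_type": REMOTE_INTERACTIVE,
     "ip": "198.51.100.7", "user": "jsmith"},
    {"time": "2018-08-01T09:01:00", "id": SUCCESS, "logon_type": REMOTE_INTERACTIVE,
     "ip": "198.51.100.7", "user": "jsmith"},
]

if __name__ == "__main__":
    for alert in rdp_guess_then_login(SAMPLE):
        print(alert)
```

Type 3 failures also include non-RDP network logons such as file shares, so an alert is a prompt to review the session and any executables created after it, not proof of compromise.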

Users should uninstall the reter@keemail.me Ransomware with their preferred brand of anti-malware product as soon as possible after identifying an infection through the characteristic symptoms. However, most security programs should block this threat automatically.

The reter@keemail.me Ransomware's family may owe its current success to its availability more than to any superiority over more costly options, like the Globe Ransomware. Whatever the cause of this favoritism is, anyone without backups has another Trojan to fear.