
Rush/Sanction Ransomware

Posted: March 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 84
First Seen: March 22, 2016
OS(es) Affected: Windows


The Sanction Ransomware is a Trojan that encrypts your personal or work-related data and asks for Bitcoin payments for undoing the encryption. Since there are no free decryptors currently available for the Sanction Ransomware, malware experts emphasize the proper usage of backups for limiting any damages its payload might cause. Whether or not you can restore any information impacted by its attacks, you shouldn't hesitate to remove the Sanction Ransomware with anti-malware software, like any similar, equally high-level threat.

The Trojan Sanctioning Taking Your Files Away from You

Con artists have shown various degrees of interest in different methods of collecting money from victims affected by their threats. In the simplest of circumstances, a Trojan may cause some form of damage to your PC, and change file names to promote an e-mail address through which negotiations can take place. Other threats, like the Sanction Ransomware, prefer a more sophisticated way of presenting ransom demands, with interactive pop-up windows and advanced UI components.

However well thought out its ransom collection method may be, the Sanction Ransomware still relies on typical file-encrypting attacks to give its victims an initial incentive to pay. The Sanction Ransomware targets non-critical files on your hard drive, such as images, audio files, spreadsheets or Microsoft Office documents. The Sanction Ransomware then runs them through an encryption routine, similar to that used by a file compressor (like WinZip). Unlike legitimate file encryptors, the Sanction Ransomware doesn't offer the PC user a free means of restoring their data to the original format. Instead, the victim is asked to pay a Bitcoin ransom (currently over a thousand USD in value) for getting the decryption service from the Sanction Ransomware's authors.

In comparison to other, equally threatening file encryptors, malware experts see the Sanction Ransomware emphasizing ease of use for its ransom payments. Its ransom message, an HTML pop-up, includes various fields that facilitate the ransom transaction process, culminating in a 'click to send decryption request' button. The accessibility of this process could lead more victims than usual into paying the Sanction Ransomware, although there is still a significant chance that con artists may collect the money without decrypting the data.

Preventing Bitcoin from Being a Sanctuary for Encryptor-Based Ransoms

Despite placing its victims under a strict time limit before supposedly deleting its decryption key, the Sanction Ransomware puts your information at risk without guaranteeing that it can provide any services related to undoing its attacks. Until experts in the PC security industry distribute a free decryptor for this threat, malware experts place the most emphasis on using backups that can make the possibility of decrypting any files moot. Backups kept on habitually disconnected, removable drives, or cloud storage accounts, are rarely targets of attacks by file encryptors like the Sanction Ransomware. However, local backups and backups on easily accessed network-shared drives may be vulnerable to encryption or deletion.

Most file encryptors prefer using e-mail-based infection vectors. Your anti-malware products can scan the attachments accompanying new messages, which may be capable of installing the Sanction Ransomware with a concealed Trojan dropper or exploit. In other circumstances, browser-based security features may be needed for blocking threatening Web content that could compromise your PC. Infection methods aside, you should always prioritize deleting the Sanction Ransomware with proper security software before restoring any encrypted files.
