Home Malware Programs Ransomware Sadogo Ransomware

Sadogo Ransomware

Posted: April 21, 2020

The Sadogo Ransomware is a file-locking Trojan that encrypts digital media files so that they can't open and creates a ransom demand in a pop-up. Infections also are suspected of being 'cover' for the KPOT Stealer spyware that collects information, such as passwords. Users should respond to this Trojan, as usual, with backups and anti-malware products for guaranteeing the removal of the Sadogo Ransomware's, along with changing passwords and other credentials ASAP.

As if One Trojan Wasn't Trouble Enough

Spyware and file-locker Trojans make unusual bed partners; ordinarily, threat actors interested in extorting their victims don't traffic in data-collecting or spying operations significantly, too. The KPOT Stealer is becoming a recurring exception to the rule, with first CoronaVirus Ransomware, and now, the Sadogo Ransomware, playing the part of a coverup for its theft of information. Unfortunately, whether it's a cover or a primary attack, the Sadogo Ransomware causes just as many file-related problems as Hidden Tear.

Unlike CoronaVirus Ransomware, the Sadogo Ransomware lacks a COVID-19 theme, but its name is a possible callback to a literary character. It uses the time-honored means of 'locking' files through encrypting their data, first, with an AES algorithm, and afterward, securing it with an RSA one. The Trojan also appends an extremely-generic 'encrypted' extension into their names – a symptom it has in kind with Trojans like the SpartCrypt Ransomware, the CryptoLite Ransomware, the Genocheats Ransomware and others.

The Trojan, supposedly, monetizes its attacks with a TXT ransom note, in English, with a link to its ransom-processing TOR site. In actuality, malware experts are determining that the Sadogo Ransomware attacks are coinciding with the KPOT Stealer ones. The KPOT Stealer provides a much more direct means of profiting by stealing passwords, messaging data and even local files.

Rejecting a Two-for-One Deal in Threatening Software

Besides providing another revenue possibility, the Sadogo Ransomware serves a distinct purpose of slowing down cyber-security teams' responses to network infections. Since many file-locking Trojans are final-stage drops without accompanying spyware, users could see the (highly visible) symptoms of the Sadogo Ransomware infections and assume that there are no other threats. Meanwhile, the KPOT Stealer has ample time for exfiltrating credentials, logs, and other data.

Administrators should respond to this threat proactively through maintaining version control for optimizing patch installations, making sure that passwords aren't brute-forcible, and avoiding Internet-open RDP features. Malware experts also point out that the Sadogo Ransomware includes multiple intrusions against Intranet and Web-browsing settings, like the encS Ransomware or the SaveTheQueen Ransomware. These attacks suggest the Trojan's targeting business, NGO, or government networks, but don't translate to a recreational user's PC being invulnerable to the practical effects of the file-locking.

Its unorthodox propagation model necessitates that victims prepare themselves for changing passwords and re-securing other credentials as necessary, and without delay. Reliable anti-malware products should catch and delete the Sadogo Ransomware in time, but can't reverse encryption in cases of the Trojan's unimpeded payload.

The Sadogo Ransomware is the second chapter in a spyware story that's more rambling than usual. When the KPOT Stealer teams up with file-locker Trojans, there's no happy ending in sight for any users who forgets their backups or security standards.

Loading...