
See_read_me Ransomware

Posted: October 16, 2020

The See_read_me Ransomware is a file-locking Trojan and variant of the Adhubllka Ransomware, which conducts similar, encryption-based attacks. Along with blocking files, it creates a text ransom note that promotes its TOR data-unlocking service and inserts new extensions into files' names. Appropriate backups will mitigate all data loss sufficiently, and cyber-security products can prevent infections or uninstall the See_read_me Ransomware.

Small-Time Trojans Back for Second Servings

As a semi-noteworthy event in the threat landscape, another single Trojan starts up a possible family, with the Somali-like Adhubllka Ransomware splitting off into the See_read_me Ransomware. Unlike most such cases, malware experts find no connected Ransomware-as-a-Service. An essential part of the payload, the ransom message, also differs greatly between the two Trojans. However, the See_read_me Ransomware's plan of attack and motivations are the same as the original's.

The See_read_me Ransomware's appearance dates to two months after the creation date of the earliest samples of the Adhubllka Ransomware. Like that Trojan, it uses an encryption routine – possibly secure from third-party solutions – to block the user's digital media files. This data sabotage most likely harms documents like DOCs or PDFs, pictures like JPGs or BMPs, audio like MP3s, or archives like ZIPs. In all cases, the Trojan also adds its extension to each file's name, which 'helpfully' directs victims to the 'Read_Me' text file.

This ransom note is very different from the earlier one and uses a more widely-known, 'professional' formatting for the instructions. Unlike the Adhubllka Ransomware, it also uses an anonymous TOR site instead of an e-mail, suggesting more infrastructure work from the threat actor. Malware experts have no current information on the ransom's cost or currency, but paying for data recovery tends to backfire on most victims of file-locking Trojans.
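The two on-disk artefacts described above (a run of files gaining an extra extension, and a dropped 'Read_Me' note) are what a defender can watch for before the ransom note is ever opened. The following is an added example, not code from the page or from any vendor product: a small heuristic that walks file-system events, counts appended-extension renames within a sliding time window, looks for a note whose name matches the Read_Me pattern, and only alerts when both indicators are present. The events, the `.example_locked` extension, and the `FsEvent` helper are constructed for this illustration; the page does not state the real extension the Trojan uses.

```python
"""Heuristic detector for a file-locking Trojan's two visible artefacts:
a burst of renames that append a new extension to document/media files,
and a dropped 'Read_Me'-style ransom note. All sample data is constructed."""
from collections import Counter
from dataclasses import dataclass
import os
import re

# Document/media types the write-up names as likely targets.
TARGET_EXTS = {".doc", ".docx", ".pdf", ".jpg", ".bmp", ".mp3", ".zip"}
# Matches note names such as 'Read_Me.txt' (pattern is an assumption built
# from the note name the write-up gives).
NOTE_NAME = re.compile(r"^read[_ -]?me.*\.txt$", re.IGNORECASE)


@dataclass
class FsEvent:
    """Hypothetical file-system event; 'rename' carries old_path too."""
    ts: float            # seconds since epoch
    kind: str            # "rename" or "create"
    path: str            # new path (rename) or created path (create)
    old_path: str = ""   # original path for renames


def appended_extension(old_path: str, new_path: str):
    """Return the suffix if new_path is old_path plus an appended extension
    on a targeted file type, else None (ordinary renames return None)."""
    _, old_ext = os.path.splitext(old_path)
    if old_ext.lower() not in TARGET_EXTS:
        return None
    if new_path.startswith(old_path) and len(new_path) > len(old_path):
        return new_path[len(old_path):]
    return None


def analyse(events, window=60.0, threshold=5):
    """Return indicators found in events; alert only when a rename burst
    of at least `threshold` appended-extension renames inside `window`
    seconds coincides with a ransom-note creation."""
    notes = []
    renames = []  # (timestamp, appended extension), in time order
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "create" and NOTE_NAME.match(os.path.basename(ev.path)):
            notes.append(ev.path)
        elif ev.kind == "rename":
            ext = appended_extension(ev.old_path, ev.path)
            if ext:
                renames.append((ev.ts, ext))
    # Sliding window over the sorted renames: largest count within `window`.
    peak, start = 0, 0
    for i, (ts, _) in enumerate(renames):
        while renames[start][0] < ts - window:
            start += 1
        peak = max(peak, i - start + 1)
    ext_counts = Counter(ext for _, ext in renames)
    common_ext = ext_counts.most_common(1)[0][0] if ext_counts else None
    return {
        "notes": notes,
        "peak_renames_in_window": peak,
        "appended_extension": common_ext,
        "alert": peak >= threshold and bool(notes),
    }


# Constructed sample: six documents renamed within seconds, then a note.
BASE = 1_600_000_000.0
SAMPLE_EVENTS = [
    FsEvent(BASE + i * 2, "rename",
            f"C:/Users/alice/Documents/file{i}.docx.example_locked",
            f"C:/Users/alice/Documents/file{i}.docx")
    for i in range(6)
] + [
    FsEvent(BASE + 13, "create", "C:/Users/alice/Documents/Read_Me.txt"),
    # An ordinary rename that does not append to the original name.
    FsEvent(BASE + 500, "rename", "C:/Users/alice/Pictures/trip_2.jpg",
            "C:/Users/alice/Pictures/trip.jpg"),
]

# Constructed benign activity: one backup copy and an innocent readme.
BENIGN_EVENTS = [
    FsEvent(BASE, "rename", "C:/Users/alice/Pictures/photo.jpg.bak",
            "C:/Users/alice/Pictures/photo.jpg"),
    FsEvent(BASE + 1, "create", "C:/Users/alice/Documents/readme_notes.txt"),
]

if __name__ == "__main__":
    print(analyse(SAMPLE_EVENTS))   # alert True, six renames in window
    print(analyse(BENIGN_EVENTS))   # alert False: note present, no burst
```

Requiring both indicators keeps a single `.bak` copy or a developer's readme from paging anyone; in a real deployment the events would come from an EDR sensor or an audit log rather than a constructed list, and the targeted extension set would be tuned to the environment.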

What Happens to Those Who Do What Trojans Demand

The simplicity and directness of the See_read_me Ransomware's ransoming arrangement don't mention many of the dangers involved in paying. Malware experts sometimes see attackers returning fake 'unlocked' files that are installers for other threats, such as backdoor Trojans. There also is the more usual problem of criminals not giving any help after getting their money or providing a decryptor that corrupts the files permanently.

Strongly-secured and updated backups on other devices are, by far, the most practical solution to file-locking Trojans of all kinds. Some users may consider providing samples to reputable researchers for investigating a decryption possibility but never should place their only hopes in it. Infection prevention also is crucial for any Windows user and ranges from avoiding illicit downloads like game cracks to disabling document macros and browser scripts.

Without any evidence of how it's circulating, the See_read_me Ransomware's campaign should be presumed active and in the wild by any traditional infection vector. Anti-malware services can shore up defenses by blocking installation exploits or removing the See_read_me Ransomware from compromised systems.

The See_read_me Ransomware takes old software and remakes it with an additional layer of traditionally-dependable extortion demands. The polish might seem like a superficiality, but it's just another aspect of making money for criminals sabotaging data servers and home PCs.
