
'slaker@india.com' Ransomware

Posted: December 21, 2017

The 'slaker@india.com' Ransomware is part of the BTCWare Ransomware family, a Trojan template that threat actors rent out to third parties, who deploy it under their own settings, such as a different ransom e-mail address. As a file-locking Trojan, the 'slaker@india.com' Ransomware can block your access to certain types of digital media and create messages demanding money for their safe return. Users are advised to delete the 'slaker@india.com' Ransomware with an anti-malware product that has high detection rates against other BTCWare Ransomware variants.

Old Threat Practices Marking Off the Year's End

As 2017 comes to a close, threat actors who use file-locking threats are showing little or no inclination to change their tactics for attacking users. In particular, Ransomware-as-a-Service continues doing its intended work: it lets long chains of cybercrooks with different goals, preferences, and techniques deploy very similar Trojans. Some of the best evidence of such activity lies with the BTCWare Ransomware family, whose newest RaaS variant is the 'slaker@india.com' Ransomware.

The 'slaker@india.com' Ransomware's main installer is a portable, 32-bit Windows executable. An uninterrupted installation lets the 'slaker@india.com' Ransomware launch a combination of encryption and ransom note-creating attacks similar to those of the Aleta Ransomware, the Blocking Ransomware, the Crptxxx Ransomware, the Master Ransomware or the Shadow Ransomware. The data-enciphering attack is the most serious of these features due to being able to encode and lock various files, such as Word or PDF documents, JPG or GIF pictures, archives, spreadsheets or music.

The Trojan also appends its bracketed e-mail address and a wallet ID to the names of every file it blocks. Like other BTCWare Ransomware versions, the 'slaker@india.com' Ransomware creates ransom messages (usually text content in the 'INF' format) to tell victims how to transfer money to the wallet in return for use of the data-decrypting feature. Paying the ransom should usually be treated as a last resort, for users who have no less risky option such as restoring the blocked content from a backup.
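The renaming behaviour described above gives responders a simple file-name indicator to hunt for. The following is an added triage example (not code from the original article or from any vendor): it walks a directory listing, flags files whose names carry the bracketed 'slaker@india.com' marker, recovers the original extension of each, and treats '.inf' files as ransom notes only when they sit in a directory that also contains marked files, so ordinary Windows setup-information '.inf' files are not reported. The listing, the ransom-note file name, and the shape of the wallet-ID suffix after the bracket are all constructed for the example; the page states only that a bracketed e-mail address and a wallet ID are appended.

```python
import re
from collections import Counter
from pathlib import PurePosixPath
from typing import Optional

# Marker described on the page: the bracketed e-mail address appended to
# each locked file's name. Only the bracket is matched; the exact wallet-ID
# suffix that follows it is assumed, not documented on the page.
MARKER_RE = re.compile(r"\.\[slaker@india\.com\]", re.IGNORECASE)

# Constructed sample listing (forward slashes for portability; not real data).
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/budget.xlsx.[slaker@india.com]-id-1A2B3C4D.locked",
    "C:/Users/alice/Documents/report.docx.[slaker@india.com]-id-1A2B3C4D.locked",
    "C:/Users/alice/Documents/HOW_TO_DECRYPT.inf",   # hypothetical note name
    "C:/Users/alice/Pictures/holiday.jpg.[slaker@india.com]-id-1A2B3C4D.locked",
    "C:/Users/alice/Pictures/HOW_TO_DECRYPT.inf",
    "C:/Users/alice/Music/song.mp3",                 # untouched file
    "C:/Windows/INF/oem1.inf",                       # legitimate .inf, no marker nearby
]


def original_name(filename: str) -> Optional[str]:
    """Return the name the file had before the marker was appended, or None."""
    m = MARKER_RE.search(filename)
    if not m:
        return None
    return filename[: m.start()]


def original_extension(filename: str) -> Optional[str]:
    """Lower-cased extension of the pre-encryption name (e.g. '.xlsx')."""
    orig = original_name(filename)
    if orig is None:
        return None
    return PurePosixPath(orig).suffix.lower()


def triage(listing) -> dict:
    """Summarise which files and directories the Trojan touched."""
    encrypted = [p for p in listing if MARKER_RE.search(PurePosixPath(p).name)]
    hit_dirs = {str(PurePosixPath(p).parent) for p in encrypted}
    # A ransom note is an .inf file living next to at least one locked file.
    notes = [
        p for p in listing
        if PurePosixPath(p).suffix.lower() == ".inf"
        and str(PurePosixPath(p).parent) in hit_dirs
    ]
    by_ext = Counter(original_extension(PurePosixPath(p).name) for p in encrypted)
    return {
        "encrypted": encrypted,
        "directories": sorted(hit_dirs),
        "notes": notes,
        "by_extension": dict(by_ext),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LISTING)
    print(f"{len(summary['encrypted'])} locked files in {len(summary['directories'])} directories")
    print("by original extension:", summary["by_extension"])
    print("ransom notes:", summary["notes"])
```

On a live host the listing would come from `os.walk` over user profiles and shares; the extension breakdown tells you at a glance which data classes (documents, pictures, archives) need restoring from backup.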

Keeping Trojans from Spoiling the Holidays

Since many threat actors can pay to use minor variations of a single RaaS family, all Trojans of this type have built-in adaptability in how they campaign and distribute themselves. Possible infection methods for the 'slaker@india.com' Ransomware include:

  • Spam e-mails may arrive with attached installers, including both fake documents and real ones that carry embedded exploits.
  • Miscellaneous downloads, especially illicit or media piracy-related ones, serve as disguises for various threatening software, including file-locker Trojans.
  • Threat actors also attack business networks by using brute-force tools to break non-secure passwords, after which, they might install the 'slaker@india.com' Ransomware automatically.
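The third vector above, brute-forcing weak passwords on exposed business logons, is the one a network defender can spot earliest. The following is an added example (not from the original article) of the detection logic: it parses constructed logon-audit lines, keeps a sliding window of failures per source address, raises an alert once a threshold is crossed, and escalates the alert if the same source later logs on successfully, which is the moment an attacker would be in a position to drop the Trojan. The log format, the addresses, the user name, and the threshold of 10 failures in 60 seconds are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed, simplified audit-line format: "<ISO timestamp> logon <RESULT> user=<u> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) logon (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: 12 failures in 33 seconds from one source, then a
# success from that source; a second source with two ordinary typos.
SAMPLE_LOG = [
    f"2017-12-20T22:01:{s:02d} logon FAILURE user=administrator src=203.0.113.45"
    for s in range(0, 36, 3)
] + [
    "2017-12-20T22:01:40 logon SUCCESS user=administrator src=203.0.113.45",
    "2017-12-20T22:05:10 logon FAILURE user=bob src=198.51.100.7",
    "2017-12-20T22:05:20 logon FAILURE user=bob src=198.51.100.7",
    "2017-12-20T22:05:30 logon SUCCESS user=bob src=198.51.100.7",
]


def parse(lines):
    """Yield structured events; lines that do not match the format are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield {
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "src": m["src"],
            }


def detect_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return one alert per source that exceeds `threshold` failures within `window`."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    alerts = {}                   # src -> alert record
    for ev in parse(lines):
        q = recent[ev["src"]]
        if ev["result"] == "FAILURE":
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(ev["src"], {
                    "src": ev["src"],
                    "first_failure": q[0].isoformat(),
                    "severity": "medium",
                    "followed_by_success": False,
                })
                alert["failures"] = len(q)
        elif ev["src"] in alerts:
            # A success after a burst of failures suggests the guess landed.
            alerts[ev["src"]]["severity"] = "high"
            alerts[ev["src"]]["followed_by_success"] = True
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(a)
```

In production the same logic would read Windows security events or a VPN/RDP gateway log instead of the constructed lines; a "high" alert is the trigger to isolate the host and reset the account before any payload can run.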

Malware researchers always recommend trying free decryption programs for any data recovery that an infection of this category makes necessary. Although free decryptors exist for the BTCWare Ransomware family, new variants like the 'slaker@india.com' Ransomware may carry updates to their encryption routines that those tools do not handle. Use anti-malware products to remove the 'slaker@india.com' Ransomware quickly, and backups for a low-risk recovery option.

RaaS is a tried-and-proven model of doing business for both experienced and casual threat actors alike. Unless you don't mind the chance of having your files and savings ending up under a cybercrook's Christmas tree, even the busiest of holidays should have time for a quick backup.
