SONIC Ransomware

Posted: November 4, 2019

The SONIC Ransomware is a file-locking Trojan that's a spinoff of the VegaLocker Ransomware. The SONIC Ransomware includes the encryption and ransom-based features that are usual for its class of threat, along with other attacks, such as anti-security and anti-system analysis features. Windows users should save backups to at least one other device for recovery purposes and let their anti-malware software remove the SONIC Ransomware when it's detected.

This New Build of an Old Trojan Has 'Gotta Go Fast'

The small, previously quiet family of Trojans that includes members like the VegaLocker Ransomware and the '.jamper File Extension' Ransomware is slightly larger than before. This Trojan family is mostly of note for Russia-related campaigns, which is why it's no surprise that a Russian cyber-security researcher is the first to spot the SONIC Ransomware. The variant has few changes, as far as malware analysts can tell, but provides yet another source of encryption for endangering files.

The SONIC Ransomware, like most Trojans of the type, uses encryption to convert media files (documents or pictures, for example) into versions that can no longer be opened. The SONIC Ransomware also inserts additional markers into the data, which is one of the identifying cues of its relationship with the VegaLocker Ransomware. After the conversion, it appends 'SONIC' extensions to the files' names.

This attack, while quite effective at locking most users' content, is typical of nearly all file-locker Trojans. What modern versions of the SONIC Ransomware's family have to offer above and beyond the baseline is a bevy of features for avoiding analysis. The SONIC Ransomware may uninstall itself, delete system logs, suppress system boot-up errors, and disable Windows features for repairing the OS or one's media. It also includes a Restore Point-deleting element that denies the most basic recovery solution for average Windows users.
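
The 'SONIC' extension described above gives responders a simple marker for scoping damage and checking it against backups. The sketch below is an added example, not code from the original article or from any vendor tool; it assumes the extension appears as a final `.SONIC` suffix (matched case-insensitively), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile

MARKER_EXT = ".sonic"  # assumption: 'SONIC' is appended as a final ".SONIC" suffix


def sweep(root):
    """Map each affected directory to its renamed files (original relative paths) and file count."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = []
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == MARKER_EXT and stem:
                # Path before the marker was appended, relative to root,
                # so it can be matched against a backup listing.
                locked.append(os.path.relpath(os.path.join(dirpath, stem), root))
        if locked:
            report[dirpath] = {"locked": sorted(locked), "total": len(files)}
    return report


def restore_plan(report, backup_paths):
    """Split affected paths into those present in a backup listing and those missing from it."""
    affected = {p for entry in report.values() for p in entry["locked"]}
    backed_up = set(backup_paths)
    return sorted(affected & backed_up), sorted(affected - backed_up)


def build_sample_tree():
    """Constructed sample data: a temp tree with some renamed and some untouched files."""
    root = tempfile.mkdtemp(prefix="sweep_demo_")
    layout = {
        "docs": ["report.docx.SONIC", "budget.xlsx.sonic", "notes.txt"],
        "pics": ["cat.jpg.SONIC"],
        "tools": ["readme.md"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(b"constructed sample bytes")
    return root


if __name__ == "__main__":
    rep = sweep(build_sample_tree())
    for d, entry in sorted(rep.items()):
        print(f"{d}: {len(entry['locked'])}/{entry['total']} files renamed")
```

Run the sweep from a clean system against a mounted copy of the affected volume, and feed `restore_plan` a listing taken from the offline backup rather than from the infected host.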

A Defender of Naught but Illicitly-Gotten Wealth

The SONIC Ransomware's samples use suggestive names for their executables. The 'Defender' filename strongly implies that the Trojan is faking the identity of Windows Defender, one of the most prominent AV solutions. Users can avoid falling for tactics of this nature by double-checking Web addresses and acquiring all their Windows updates from authorized sources.

It's possible that the SONIC Ransomware's author is using other means of circulating the Trojan as well, including manual ones. Network administrators should monitor their credentials for vulnerabilities, close ports that aren't required to be open, and disable RDP whenever possible. No decryption options for the SONIC Ransomware are available to the public, save for the inadvisable gamble of paying its ransom.

As Windows remains one of the most lively platforms for software, it also stays open to attacks by Trojans targeting media output. The SONIC Ransomware is just a symptom of a problem that includes users not taking care of what's theirs, whether it's a login combination or a backup of their work.