
Spade Ransomware

Posted: August 13, 2020

The Spade Ransomware is a file-locker Trojan that's a variant of the Void Ransomware (also identified as VoidCrypt Ransomware). The Spade Ransomware targets Windows systems, locks their media files by encrypting them, and can terminate some applications that interfere with the attacks. Users with safe backups are, as usual, protected, and anti-malware products can defend PCs by removing the Spade Ransomware on sight.

Taking a Spade to the Endless Void of Criminal Greed

A little-known file-locking Trojan referred to in most circles as the Void Ransomware is already splitting off into a variant or update: the Spade Ransomware. Although malware experts can't confirm yet whether the threat is a full-fledged Ransomware-as-a-Service or mere 'freeware,' the Spade Ransomware acts just as extortionist as most similar threats. The Trojan is the greatest danger to Windows users and, possibly, the unprotected servers of business entities.

Like the Void Ransomware that came before it, the Spade Ransomware uses encryption for converting media files, such as pictures and documents, into non-opening copies of themselves, and deletes the originals. Afterward, the Trojan also adds ransom-related information and its extension to their names and creates HTA ransom notes (an advanced HTML page) in each directory with these files. These attacks establish a ransoming scenario where the threat demands a Bitcoin payment within one day before the price of the (potentially non-existent) data restoration rises.

Malware analysts also point out that the Spade Ransomware, like most of the Ransomware-as-a-Services of the day, makes generous use of shell commands. It uses these functions for disabling software, such as some security tools and server management applications, that could interfere with its locking of media. Significantly, it disables the default firewall and startup error messages. Its priorities here imply that the Spade Ransomware's campaign is going after business entities and their Web servers' contents.
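As an added example (not part of the original write-up), the behaviours described above can be hunted for in process-creation logs by flagging hosts where several of them appear together. The page does not list the exact commands, so the patterns below are assumptions based on standard Windows utilities that produce those effects, and the log records are constructed.

```python
import re

# Assumed patterns: the page names the behaviours, not the exact commands.
# These are standard Windows utilities that produce those effects.
RULES = {
    "firewall_disabled": re.compile(
        r"\bnetsh(\.exe)?\s+(advfirewall\s+set\s+\w+\s+state\s+off"
        r"|firewall\s+set\s+opmode\s+(mode=)?disable)", re.I),
    "startup_errors_suppressed": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures",
        re.I),
    "process_or_service_stopped": re.compile(
        r"\b(taskkill(\.exe)?\s+.*?/im\s+\S+|net1?(\.exe)?\s+stop\s+\S+"
        r"|sc(\.exe)?\s+config\s+\S+\s+start=\s*disabled)", re.I),
}

# Constructed process-creation records: (host, parent image, command line).
SAMPLE_EVENTS = [
    ("SRV01", "explorer.exe", "notepad.exe C:\\notes.txt"),
    ("SRV01", "cmd.exe", "netsh advfirewall set currentprofile state off"),
    ("SRV01", "cmd.exe", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("SRV01", "cmd.exe", "taskkill /f /im sqlservr.exe"),
    ("WKS07", "services.exe", "net stop Spooler"),
]

def classify(command_line):
    """Return the sorted rule names that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def hosts_to_triage(events, threshold=2):
    """Group hits per host; keep hosts showing >= threshold distinct behaviours.

    One hit (an admin stopping a single service) is routine. Several distinct
    behaviours on the same host is the combination worth escalating.
    """
    seen = {}
    for host, _parent, cmd in events:
        seen.setdefault(host, set()).update(classify(cmd))
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}

if __name__ == "__main__":
    for host, behaviours in hosts_to_triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(behaviours))
```
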

Digging One's Way Out of a Dark Data Predicament

The Spade Ransomware's attacks may rely on some of the most well-used tactics for breaching servers worldwide: e-mail attachments with plausible disguises as the 'deliverymen,' or brute-forcing. Workers informed on the dangers of document and spreadsheet attachments can protect themselves by scanning their downloads, disabling macro functionality and turning on visible extensions. Admins also should stay up-to-date with software security patches and use strong passwords on their accounts.

Counteracting a file-locker Trojan's assault on data is easily possible for all users, but mostly in a preventative sense. Those with backups on other systems can recover without consideration for the ransom. System Restore Points also can be a valid recovery option in the minority of attacks where the Trojan doesn't delete them. Decryption is usually limited or impossible for third parties, although users can always check the availability of free unlocking software for threats from well-known families.

Dedicated anti-malware products also remain highly efficient at catching most Trojans with these payloads and will delete the Spade Ransomware.

It's not for nothing that the Spade Ransomware gives a tight deadline on its payment. By putting a countdown on the victim, the Trojan's author hopes that he'll reap monetary rewards – although, as per the usual for criminals, he may give nothing back in return.
