
Starbax@tutanota.com Ransomware

Posted: March 6, 2018

The Starbax@tutanota.com Ransomware is a member of the RotorCrypt Ransomware family of file-locking Trojans. It may block your files by encrypting them with an RSA-based cipher, change their names or add extensions, and drop different ransom notes. Malware experts recommend saving backups of your work, since this family may not be decryptable for free, and having anti-malware programs block or delete the Starbax@tutanota.com Ransomware for your PC's safety.

A Trojan Star is Born

Threat actors are disseminating a new version of the RotorCrypt Ransomware, a Trojan with a history of rotating through numerous contacts while keeping a consistent, unbreakable encryption methodology for attacking the files of the PCs that it infects. The new release, most likely under the management of new threat actors, uses an unusual filename-editing format, but for any victim its ability to damage and lock files irreversibly is still its more important function.

Various con artists have used different versions of the Starbax@tutanota.com Ransomware for attacking business entities in Russia, with probable infection strategies including both targeted attacks against network logins and forged e-mail messages that carry corrupted attachments. Although the RotorCrypt Ransomware family is old, the Starbax@tutanota.com Ransomware has only been identifiable since March of 2018. Readers should note that, unlike many file-locking threats, the Starbax@tutanota.com Ransomware and its relatives may not always generate text messages or pop-ups asking for money after blocking your files.

The Starbax@tutanota.com Ransomware's more unusual feature is how its threat actor appends extensions, which lets the victim identify the 'hostage' media, as well as follow the contact information for the ransom negotiations. Although the Starbax@tutanota.com Ransomware does include an e-mail address, it also adds two other blocks of information that it separates with dashes. The first string only says 'Revert Access,' while the second refers to a business management company. Readers should note that malware experts are seeing no indications that the latter means the organization in question has any ties to the Starbax@tutanota.com Ransomware. Its administrators may be modifying these last details to correspond to particular targets.
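The filename marker described above can serve as a triage signal when reviewing a file listing from an affected share. The following is an added example, not code from the original article: it scores names that embed a contact address and the 'Revert Access' string, then counts hits per directory. The sample paths, the 'ExampleCorp' placeholder, the order of the appended blocks and the scoring weights are assumptions, and the address pattern is a heuristic.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Contact addresses named on the page; compared in lower case.
KNOWN_CONTACTS = {"starbax@tutanota.com", "blacknord@tutanota.com"}
NOTE_STRING = "revert access"  # first appended block, as quoted on the page
# Heuristic: a short address-like token anywhere in the file name.
EMAIL_RE = re.compile(r"[A-Za-z0-9_]+@[A-Za-z0-9]+(?:\.[A-Za-z]{2,})+")


def score_name(path):
    """Return (score, contact) for one path; score 0 means nothing embedded."""
    name = PureWindowsPath(path).name
    match = EMAIL_RE.search(name)
    if match is None:
        return 0, None
    contact = match.group(0).lower()
    score = 1                                    # an address is embedded
    score += int(contact in KNOWN_CONTACTS)      # contact listed on the page
    score += int(NOTE_STRING in name.lower())    # 'Revert Access' block present
    return score, contact


def triage(paths, threshold=2):
    """Count likely-renamed files per directory and per contact address."""
    by_dir, by_contact = Counter(), Counter()
    for path in paths:
        score, contact = score_name(path)
        if score >= threshold:
            by_dir[str(PureWindowsPath(path).parent)] += 1
            by_contact[contact] += 1
    return by_dir, by_contact


# Constructed sample listing; the field order in these names is assumed.
SAMPLE = [
    r"D:\share\finance\q4.xlsx-Starbax@tutanota.com-Revert Access-ExampleCorp",
    r"D:\share\finance\ledger.mdb-Starbax@tutanota.com-Revert Access-ExampleCorp",
    r"D:\share\hr\roster.docx-Blacknord@tutanota.com",
    r"D:\share\hr\mail from bob@example.com.pdf",  # benign look-alike, score 1
    r"D:\share\hr\policy.pdf",
]

if __name__ == "__main__":
    dirs, contacts = triage(SAMPLE)
    print(dict(dirs), dict(contacts))
```

A name that merely contains an unrelated address scores 1 and stays below the default threshold, which keeps exported mail and similar files out of the per-directory counts.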

Pulling Your Files out of the Latest Trojan Machinery

As a new version of the RotorCrypt Ransomware, the Starbax@tutanota.com Ransomware is unlikely to have a compatible decryptor available to the public without charge. Other members of the RotorCrypt family, such as the 'Blacknord@tutanota.com' Ransomware, are equally impervious to casual decryption efforts unless a variant happens to contain bugs. For most file-locking threats, malware experts advise that PC users keep secure, updated, and network-segregated backups of their files to provide a non-ransom-based recovery method.

The Starbax@tutanota.com Ransomware's family is also notable for targeting business entities and for its association with the Ransomware-as-a-Service distribution model, which opens the Trojan up for installation by different threat actors. Malware experts especially advise scanning all e-mail attachments with appropriate security software, due to the high frequency of abuse associated with file-locking Trojans and other threats. Most anti-malware programs should catch and remove the Starbax@tutanota.com Ransomware immediately and prevent the encryption-based data loss.

The Starbax@tutanota.com Ransomware is a small case of a Trojan doing things differently in ways implying that its threat actors have a particular familiarity with or interest in some companies more than others. In particular, being a business entity in a region already at risk from Trojan campaigns often paints a target on your data, which users should compensate for with increased protection.
