
'sup24@rape.lol' Ransomware

Posted: March 14, 2019

The 'sup24@rape.lol' Ransomware is a file-locking Trojan with a close relationship to the VegaLocker Ransomware and its ancestor, the 'sprosinas@cock.li' Ransomware. Like them, the 'sup24@rape.lol' Ransomware launches data-blocking attacks that can encrypt documents and other media before it leaves a Russian-language ransoming note. Since there isn't a free decryptor for this threat's family, victims will need backups to restore their files, but should first use an anti-malware product to remove the 'sup24@rape.lol' Ransomware.

A February's Trojan is Asking You 'Sup'

Russian cyber-security researchers are pointing out another version of the VegaLocker Ransomware, a file-locking Trojan that borrows the Scarab Ransomware's ransoming message but not its code. Since this family is minuscule, the existence of the new 'sup24@rape.lol' Ransomware is a potential landmark moment: it shows that threat actors are continuing to work on both modifying and deploying these threats. While malware researchers require more samples for a deep analysis of its campaign, the 'sup24@rape.lol' Ransomware is operating under a traditional 'lock-and-extort' business model.

The 'sup24@rape.lol' Ransomware, which targets Russian PC users but may harm the files of Windows systems in other nations, uses a secure AES algorithm to block content that can include different formats of documents, pictures, archives, audio, and other general-purpose media. One behavioral difference that the 'sup24@rape.lol' Ransomware and its relatives display in this process is that they don't add any visual signifiers, such as ransom-themed extensions, to the names of the files they block. Otherwise, the attack is similar to that of Hidden Tear, the Scarab Ransomware, and other file-locking Trojans that malware experts have analyzed previously.

While this attack forms the core of the 'sup24@rape.lol' Ransomware's ransoming leverage, malware experts also associate other data-related issues with infections. The 'sup24@rape.lol' Ransomware may wipe several formats of backups, including the Shadow Volume Copies, which denies users any default Windows recovery options for their files. Additionally, virtual environments, such as sandboxes useful for analysis or security, may prevent the 'sup24@rape.lol' Ransomware from launching. Users can take advantage of this as a defensive measure, although, for the 'sup24@rape.lol' Ransomware, the limitation is there to slow any AV industry analysis.

Giving New Changes of Trojans the Same, Old Treatment

The 'sup24@rape.lol' Ransomware's file-encoding mechanisms are secure against any immediately discernible means of third-party decryption. Users should, in turn, protect any media of significance by backing them up to locations that aren't available to the 'sup24@rape.lol' Ransomware or other families of file-locker Trojans, such as a free USB stick. Using good passwords for stopping brute-force attacks, disabling browser scripts, and avoiding unsafe e-mail attachments are similarly appropriate protections against this category of threats.

When the 'sup24@rape.lol' Ransomware completes its file-locker routine, it also drops a ransoming message in Russian with text that it borrows from the much more numerous Scarab Ransomware family. The ransoming instructions therein may or may not result in a genuine decryptor for any victims, although malware experts don't discourage using the free sample offer. Anti-malware products of various brands should block or delete the 'sup24@rape.lol' Ransomware safely, in addition to the possibility of protecting your PC with a virtual environment.

The 'sup24@rape.lol' Ransomware's e-mail address changes may not seem important to casual readers, but this family's growth is a moment of confirmation for its viability as an illicit business. Windows users who don't lock their files up first could find other programs doing the locking for them.
