
Target777 Ransomware

Posted: December 27, 2018

The Target777 Ransomware is a file-locking Trojan and a possible variant of 2017's Defray Ransomware. Its campaign uses heavily-customized infection vectors that include granting a remote attacker backdoor access to the targeted server, along with blocking files by encrypting them. Most anti-malware programs should remove the Target777 Ransomware securely, and proper attention to your backup security can protect your media from being ransomed.

Which Company is this Trojan's Next Target?

The Defray Ransomware, also known as the Glushkov Ransomware, has kept a low profile relative to more widely-distributed threats like the impossible-to-miss Hidden Tear family. Nevertheless, just in time for the last days of 2018, victims are coming forward with reports of a new Trojan that is highly similar to these older threats. The attacks are deployed through targeted methods, just like the Defray Ransomware, although the threatening software now carries a new name: the Target777 Ransomware.

Besides sharing infection strategies with its likely ancestor, the Target777 Ransomware also creates similarly customized ransom messages and uses the same formatting for the extensions it appends to files. All three elements of the Target777 Ransomware's campaign carry customizations specific to the victimized entity in question – for example, the ransom note includes the name of the company whose files are under ransom. The appended extensions include similar, albeit abbreviated, references. In addition to these per-victim changes, the Target777 Ransomware consistently adds a '777' string to the names of the hostage media.

Malware experts have confirmed that the Target777 Ransomware uses the widely-favored AES encryption method with a second RSA layer: it efficiently blocks media files like documents or pictures with AES, and then protects the key it generates with another, RSA-based encryption step. Direct decryption and unlocking of these files with free utilities is unlikely, since the original Defray Ransomware remains uncracked, and malware experts find no new vulnerabilities in this version of the file-locker Trojan's payload.

Sidling Out of the Target777 Ransomware's Targeting Range

The Target777 Ransomware's threat actors are targeting business entities and similar server-based victims with a high potential for paying significant ransom amounts, although no information is available on how much they're asking for at this date. Attacks may be brute-forcing network credentials, such as default account and password combinations. They also could abuse e-mail spam to trick users into opening malicious documents containing an installer for this threat.

Besides the immediate threat to the server's files, malware experts are confirming the presence of additional attacks, due to the threat actor's accompanying backdoor access. Target777 Ransomware infections are likely to coincide with the unauthorized deletion of backups and the deactivation of some security tools, such as popular anti-virus software. Even though most anti-malware products should remove the Target777 Ransomware securely on sight, they can't protect a server from a criminal exerting manual control over it, which is why all network connections should be disabled immediately.

Customizing a Trojan's features to each victim shows that the Target777 Ransomware's authors have more than a little time on their hands for taking company- and employee-specific details into account. Users who believe themselves vulnerable shouldn't content themselves with 'fire and forget' backup solutions, which may be compromised just as easily by the Target777 Ransomware's threat actors as the average Windows Restore Point.
