
Termite Ransomware

Posted: August 30, 2018

The Termite Ransomware is a file-locking Trojan that holds your digital media for ransom until you buy its decryption key, as well as having some cryptocurrency-mining functionality. The threat's characteristic symptoms also include adding 'aaaaaa' extensions and creating a pop-up window that contains an Anonymous logo. Recover your blocked files from backups, if need be, and use proper anti-malware products for uninstalling the Termite Ransomware from Windows safely.

A Hybrid Bug that's Digging into Your File Data

Although it's traditional for a new file-locker Trojan to owe its existence to updates of an old one, some threat actors take the efficient re-purposing of resources to new extremes. The Termite Ransomware is a particularly derivative threat of this category that combines the code and features of at least three distinct programs: a Chinese file-locking Trojan, an English one and a cryptocurrency-mining tool. The result is a Trojan that drops ransoming messages, backs up the ransoming attempt by locking the user's files and mines for additional money in the meantime.

Although its ransoming message references Apple's iOS (see below), the Termite Ransomware is a Windows program built from the combined features of the Chinese XiaoBa Ransomware, the SmartRansom Ransomware, and, possibly, other file-locker Trojans' projects. It runs an AES-based, file-locking routine that blocks documents, spreadsheets, archives, pictures and other data on your computer. Regarding the mining attack, malware experts note that the Termite Ransomware drops CoinMiner, a cryptocurrency-mining program that the threat actor configures to use the infected PC's hardware for automatic money generation.

The Termite Ransomware also creates pop-ups for displaying its ransoming demands in Chinese text, which is illegible on PCs without the appropriate language settings. The title of the window, in some variants, warns of an 'IOS hacker issue,' and all versions of the Termite Ransomware use the message along with an icon referencing the Anonymous hacker-activist organization. There is, as usual, no evidence of the Termite Ransomware having any connection to real Anonymous operations or members.

Calling Off an Infestation's File Feasting

The Termite Ransomware uses a simple Registry exploit for staying persistent in the system and can launch whenever Windows boots. Safe Mode should let users open Windows without loading the Termite Ransomware, its mining component, or the pop-up that may block the rest of the interface. Mining software can cause hardware damage when it's running for prolonged periods, along with general instability issues. Accordingly, malware analysts advise disabling the Termite Ransomware before attempting any other solutions, including saving your media.

While victims may try recovering their files from a default backup, equivalents that the user saves to another, secure device are traditionally more reliable for restoring harmfully encrypted data. Since the Termite Ransomware uses a simple AES encryption routine, it also may be compatible with a free decryption utility, and victims without other recourses could contact experienced cyber-security researchers for their help. Anti-malware programs have no problems detecting this threat and should delete the Termite Ransomware at will.

Some variants of the Termite Ransomware use fake XLS, or Excel spreadsheets, for circulating their installation executables. Since an extension isn't always an accurate identifier for a file's nature, users may want to start scanning any odd e-mail attachments, or other downloads, before trusting in them.
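The point above, that an extension says nothing reliable about a file's contents, can be checked mechanically. The following is an added example (not code from the original article or from any vendor): it classifies an attachment by its leading bytes and flags a file named as a spreadsheet that actually carries a Windows executable. The samples are constructed inline; `invoice.xls` is a hypothetical name for the masquerading attachment.

```python
import os

PE_MAGIC = b"MZ"                                    # DOS header of a Windows executable
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"    # legacy .xls (Compound File Binary)
ZIP_MAGIC = b"PK\x03\x04"                           # .xlsx/.xlsm (Office Open XML is a ZIP)

# Container a file with this extension is expected to carry.
EXPECTED = {".xls": {"ole2"}, ".xlsx": {"zip"}, ".xlsm": {"zip"}}


def sniff_kind(data: bytes) -> str:
    """Classify content by magic bytes, ignoring the file name entirely."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(PE_MAGIC) and len(data) >= 0x40:
        # The DOS header stores the offset of the 'PE\0\0' signature at 0x3C.
        pe_off = int.from_bytes(data[0x3C:0x40], "little")
        return "pe" if data[pe_off:pe_off + 4] == b"PE\x00\x00" else "mz"
    return "unknown"


def check_attachment(name: str, data: bytes) -> dict:
    """Flag a file whose extension promises a spreadsheet but whose bytes say otherwise."""
    ext = os.path.splitext(name.lower())[1]
    kind = sniff_kind(data)
    expected = EXPECTED.get(ext)
    suspicious = expected is not None and kind not in expected
    return {"name": name, "ext": ext, "kind": kind, "suspicious": suspicious}


def fake_pe() -> bytes:
    """Constructed sample: minimal DOS header whose e_lfanew points at 'PE\0\0'."""
    hdr = bytearray(0x44)
    hdr[0:2] = PE_MAGIC
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


# Constructed attachments: one executable disguised as .xls, two genuine spreadsheets.
SAMPLES = {
    "invoice.xls": fake_pe(),
    "report.xls": OLE2_MAGIC + b"\x00" * 32,
    "data.xlsx": ZIP_MAGIC + b"\x00" * 32,
}


def suspicious_names(samples=SAMPLES) -> list:
    return [n for n, d in samples.items() if check_attachment(n, d)["suspicious"]]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check_attachment(name, data))
```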
