
TitanCryptor Ransomware

Posted: November 15, 2018

The TitanCryptor Ransomware is a variant of the Argus Ransomware, a file-locking Trojan that encrypts your PC's media, changes the desktop wallpaper, and sells its decryption help through a locally-dropped Web page. Victims of its attacks should be ready to use backups for recovering their data without paying any ransoms, if possible. Traditional anti-malware products should delete the TitanCryptor Ransomware safely and automatically impede any attempts at encrypting your files.

A Giant Renamed as It Steps towards Your Files

A new version of the Argus Ransomware is identifiable in threat databases. While malware analysts are finding no exceptional changes in its payload, the variant or sidegrade, the TitanCryptor Ransomware, is more successful than its predecessor at evading threat-detecting heuristics. In other areas, it continues with attacks that can block the contents of your PC's hard drive, tamper with its data storage, and display ransoming warnings in multiple ways.

The TitanCryptor Ransomware is a 32-bit Windows application that is active under a variety of random names, without any certificates or other clues as to how the threat actors are installing it. It uses a hidden encryption routine with secure AES and RSA algorithms for locking documents, images, and similar media in locations such as your desktop or downloads folder. Any extensions or other filename-modifying attributes the TitanCryptor Ransomware might be using are not identifiable at this date.
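Since no extension or other filename marker is identifiable for this variant, working out which files need restoring from backup has to rely on file content rather than names. The sketch below is an added example, not part of the original analysis: it flags files whose header no longer matches their extension and whose bytes look random. The signature table, the 7.5 bits/byte threshold and the sample file names are assumptions.

```python
import hashlib, math, os, tempfile
from collections import Counter

# File signatures the extension promises (a small, well-known subset).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5   # bits/byte; assumed threshold, cipher output sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """True when the content no longer matches what the file name promises."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None and head.startswith(magic):
        return False          # valid header: compressed data, not ciphertext
    # Header is wrong or the type is unknown: judge by randomness of the bytes.
    return shannon_entropy(head) > ENTROPY_LIMIT

def triage(root: str) -> list[str]:
    """Relative paths under root whose content looks encrypted."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            if looks_encrypted(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample(root: str) -> None:
    """Constructed test data: two intact files and one ciphertext-like file."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    samples = {"photo.png": MAGIC[".png"] + noise,              # intact, high entropy
               "notes.txt": b"quarterly report draft\n" * 200,  # intact text
               "invoice.pdf": noise}                            # header gone, random body
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Files of only a few hundred bytes cannot reach the threshold, and legitimately encrypted or headerless compressed files will be flagged, so treat the output as a list to compare against backups rather than a verdict.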

The payload includes other features for changing the user's desktop to an encryption warning message, delivering an HTML file with ransoming instructions for the criminal's unlocking aid, and, most exceptionally, a free-space 'cleaning' function. Malware researchers usually see such a feature in use as a way of removing trace data that advanced recovery products could use for restoring lost files – such as the ones that the TitanCryptor Ransomware is encrypting.

Bringing Big Media Problems Down to Size

The TitanCryptor Ransomware's name and theme may depend on incidental marketing for Blizzard's 'Warcraft' gaming franchise. However, its distribution could use any of multiple exploits besides pretending that it's a crack or other Warcraft-related content that's downloadable for free. Most file-locking Trojans use a combination of spam e-mails with misrepresented attachments, brute-force and RDP attacks against servers with poor security, and exploit kits, the last of which require vulnerabilities available through your browser.

Besides the traditional means of protecting a PC from all of these attacks, such as disabling JavaScript, patching your software and using good passwords, users should also prepare adequate data redundancy strategies. Having backups on entirely separate devices will keep the opportunity for a file-locking Trojan to hold your media hostage to a minimum. Many anti-malware programs are still accurately removing the TitanCryptor Ransomware as a threat and are recommended as the best solution to infections.

The TitanCryptor Ransomware is a clone of a not-yet-towering threat to media everywhere, and, like the Argus Ransomware, is of note only for its increased emphasis on sabotaging hard drives. With the integrity of a single, network-accessible drive in increasing danger, it's never paranoid to establish a second source of storage.
