
TRAPGET Ransomware

Posted: September 24, 2020

The TRAPGET Ransomware is a file-locking Trojan that's part of the Russian NEFILIM Ransomware family. The TRAPGET Ransomware attacks may compromise business entities preferentially and hold their servers' files for ransom by encrypting them. Users with backups have alternative recovery possibilities, and most Windows anti-malware services should delete the TRAPGET Ransomware after automatic detection.

A Trap Baited for Companies with Lackluster Data Redundancy

Hackers may come from anywhere, but Russian dark Web resources have a close connection to Ransomware-as-a-Service operations and similar encryption-and-extortion attacks. Consequently, it's not unusual for a Russian family of Trojans, the NEFILIM Ransomware family, to rise back into significance. Although NEFILIM Ransomware is an almost negligibly-sized family, contrasted to others like STOP Ransomware or even Scarab Ransomware, its constituents, like the TRAPGET Ransomware, are more than adequate examples of Trojans with data-sabotaging features.

The TRAPGET Ransomware is a Windows program and uses a typical encryption feature for blocking files of formats that the attackers specify, such as the archetypal documents, spreadsheets, databases, pictures, audio, archives and other digital media. The attack includes adding an extension to their names, specific to this campaign, but without removing the last extension (for example, 'a-picture.bmp' to 'a-picture.bmp.TRAPGET'). However, the name addition isn't responsible for the file-locking behavior, a byproduct of the file's internal data conversion to an encrypted and illegible format.
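The paragraph above makes a point that matters during triage: the '.TRAPGET' suffix is only a label, and the real damage is the encrypted content underneath. The following is an added defender-side example (not code from the page or from any analysis of the Trojan) that uses the original extension still visible in the name to check whether a file's leading bytes still match its format; a file that merely got renamed is recoverable, one whose header is gone is not. The magic-byte table and sample files are constructed for the example.

```python
import os

MARKER_EXT = ".TRAPGET"  # suffix the campaign appends after the original extension

# Leading bytes ("magic") of a few formats the page names as targets.
# Constructed subset for this example; extend for the formats in your estate.
MAGIC = {
    ".bmp": b"BM",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".zip": b"PK\x03\x04",
}

def classify(name, head):
    """Classify a file from its name and first bytes.

    untouched      no .TRAPGET suffix
    renamed_only   suffix present, original header intact (content still readable)
    encrypted      suffix present, header no longer matches the original format
    unknown_format suffix present, original extension not in MAGIC
    """
    if not name.endswith(MARKER_EXT):
        return "untouched"
    original = name[: -len(MARKER_EXT)]          # 'a-picture.bmp.TRAPGET' -> 'a-picture.bmp'
    ext = os.path.splitext(original)[1].lower()  # '.bmp'
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown_format"
    return "renamed_only" if head.startswith(magic) else "encrypted"

def triage(files):
    """files: mapping of file name -> leading bytes. Returns a count per class."""
    counts = {}
    for name, head in files.items():
        cls = classify(name, head)
        counts[cls] = counts.get(cls, 0) + 1
    return counts

def triage_directory(root, head_len=16):
    """Walk a real directory tree, reading only the first bytes of each file."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            with open(os.path.join(dirpath, n), "rb") as fh:
                files[os.path.join(dirpath, n)] = fh.read(head_len)
    return triage(files)

# Constructed sample: an encrypted picture, a renamed-but-intact PDF,
# a file of a format not in the table, and an untouched picture.
SAMPLE = {
    "a-picture.bmp.TRAPGET": b"\x7f\x02\xa9\x11\x5c\xe0\x33\x90",
    "report.pdf.TRAPGET": b"%PDF-1.4\n",
    "notes.txt.TRAPGET": b"some text",
    "a-picture.bmp": b"BM\x36\x00\x00\x00",
}
```

Run `triage_directory` against a mounted copy of an affected share rather than the live system, and treat "renamed_only" hits as candidates for restoring by simply stripping the suffix.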

The TRAPGET Ransomware also creates a text file for the victims and uses a general message that's traditional for the NEFILIM Ransomware family. It includes the usual, misleading bluff of 'military-grade' encryption and offers TOR anonymous website links to a premium decryption solution. Although the TRAPGET Ransomware specifies a 'company' as the recipient of the attack, this detail might be a holdover from the message's template; in any event, the encryption feature is equally damaging to digital media of users at home or business entities.

Keeping Trojan Traps from Biting Too Deeply

File-locking Trojans from the NEFILIM Ransomware family have few attacks that make them stand out against other Ransomware-as-a-Services and custom Trojans. Instead, malware analysts emphasize a less-obvious detail: the attackers often use signed digital certificates in their Trojan-distributing exploits. Signatures from official companies may provide a Trojan installer with enough disguise for evading some security solutions, especially out-of-date ones.

Company employees should be wary of any e-mail attachments with questionable content, macros and 'advanced' content requiring manual activation. Admins should double-check passwords for vulnerabilities that could invite attackers using brute-force techniques for hijacking accounts. There also is a possibility of the attackers modifying Intranet or proxy settings. However, malware experts don't see this behavior in every case (as per the TELEGRAM Ransomware or the OFFWHITE Ransomware, from the same family).

Backups on other systems that aren't at risk from file-locking Trojans will give both businesses and individuals a cure-all to encryption attacks. Users also can keep their cyber-security products' databases updated regularly so that they remove the TRAPGET Ransomware as promptly as possible.

The TRAPGET Ransomware is just what it sounds like: a trap that's sprung on anyone foolish enough to walk into it. In the case of a business, NGO, or even a government entity, the path can be nothing more than using a terrible password and paying for it later.
