
Twist Ransomware

Posted: February 8, 2018

The Twist Ransomware is a Trojan that locks your files to force you into paying a ransom. The content most often affected by these attacks includes personal and work-related media, such as spreadsheets, documents, pictures, movies and music. Most anti-malware products should be capable of removing the Twist Ransomware as soon as it attacks your PC, but recovering any already-locked content may require a previous backup.

The Next Threat that's Twisting Your Files into Distorted Shapes

A Trojan identifiable by nothing more than its choice of extension is showing evidence of a file-ransoming campaign currently in progress. The Twist Ransomware shares some circumstantial formatting and features with entries in the Globe Ransomware family, although malware experts have yet to verify any part of the Twist Ransomware's ancestry. What they can determine with certainty is that this Trojan can block files permanently and does so with the intent of profiting financially.

The Twist Ransomware's infection methods are uncertain, but most file-locking threats arrive through e-mail attachments that act as droppers, such as an exploit hidden in a corrupted PDF document. After installation, the Twist Ransomware searches various folders on the PC for files that it can lock by encrypting them. As per its name, the Twist Ransomware also appends its own extension to each of these files without removing the original one (for instance: 'kitten.jpg[twist@airmail.cc].twist'). Malware analysts can verify that the Trojan includes Microsoft Office data in its attack, such as Excel spreadsheets and Word documents, although it may also harm 'recreational' formats such as MP3s.
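As an added example (not part of the original article or any vendor tool), the Python sketch below takes a read-only inventory of files renamed in the pattern shown above, which helps scope what must be restored from backup. It assumes the contact address may vary between samples, so the regex matches any e-mail inside the brackets; the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Built from the page's sample name 'kitten.jpg[twist@airmail.cc].twist'.
# Assumption: locked files keep their original name and gain
# '[<contact e-mail>].twist'; the address is matched loosely in case it varies.
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\[(?P<contact>[^\[\]@\s]+@[^\[\]\s]+)\]\.twist$",
    re.IGNORECASE,
)

def parse_locked_name(filename):
    """Return (original_name, contact) for a renamed file, else None."""
    m = LOCKED_RE.match(filename)
    return (m.group("original"), m.group("contact").lower()) if m else None

def inventory(root):
    """Walk root read-only and summarise renamed files for restore planning."""
    locked, by_ext, contacts = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            if parsed is None:
                continue
            original, contact = parsed
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            locked.append((rel, original))
            by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
            contacts[contact] += 1
    return {"locked": sorted(locked), "by_extension": dict(by_ext),
            "contacts": dict(contacts)}

def demo():
    """Run the inventory over constructed, empty sample files."""
    sample = ["kitten.jpg[twist@airmail.cc].twist",
              "docs/budget.xlsx[twist@airmail.cc].twist",
              "docs/report.docx",          # untouched file
              "music/song.mp3[TWIST@airmail.cc].twist",
              "notes.twist"]               # lookalike without the bracket tag
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return inventory(root)

if __name__ == "__main__":
    report = demo()
    for rel, original in report["locked"]:
        print(f"{rel} -> restore as {original}")
    print(report["by_extension"], report["contacts"])
```

The script only reads directory listings; it never opens, renames or deletes the affected files, so any samples remain intact for later analysis.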

Even though the Twist Ransomware doesn't damage the operating system intentionally, the above attack can eliminate the users' access to their digital media. Besides the actual encryption, which uses a still-unknown algorithm, the Twist Ransomware also appends an ASCII hex-based marker and prepends a customized ID for the victim.

Don't Fall for the Twist in a File-Locking Infection

The Twist Ransomware generates a simple Notepad text file to instruct its victims on recovering their media. However, this message contains only two pieces of significant information: the custom-generated ID tag and an e-mail address through which to contact the threat actor. Cybercrooks often refrain from giving upfront details of these ransom negotiations so that they can maximize the profit from negotiating with each individual victim, and almost always use non-refundable mechanisms such as cryptocurrencies. Malware experts don't recommend paying, especially before you have attempted all alternatives, such as a variety of free decryption programs.

The infection methods for file-locking threats are, primarily, preventable by standard PC security practices and software. Patching your software reduces the vulnerabilities that drive-by-downloads might exploit, scanning downloads will detect most threats capable of installing this Trojan, and anti-malware programs may block or remove the Twist Ransomware outright at any stage of infection. Malware experts also recommend backing up anything that's irreplaceable, especially for formats that are preferable targets of encryption attacks, such as Word documents.

Since the Twist Ransomware's cryptography requires further analysis, victims may wish to be careful about deleting any samples that might be of use to the cyber-security industry. While the Twist Ransomware is a mystery not yet surveyed in full, its attacks are likely to cause grief to anyone not paying attention to preserving their files.
