Winsecure Ransomware

Posted: July 6, 2018

The Winsecure Ransomware is a variant of the Bitshifter Ransomware: a file-locker Trojan and spyware program that can collect confidential information while also preventing your files from opening. Standard protections against these classes of threats involve keeping backups on other devices and changing your passwords after disinfecting your PC. Although it uses various disguises for infecting new computers, most anti-malware programs should detect and delete the Winsecure Ransomware.

A Past Trojan that's Back in a Flash (Update)

The Bitshifter Ransomware, a Trojan whose most significant features involve a WebSocket-exploiting C&C network and some data-collecting attacks, now has its first variant that malware experts are confirming: the Winsecure Ransomware. Unlike the early versions, the Winsecure Ransomware doesn't distribute itself through fake gaming software. Instead, it pretends that its executable is an update for Adobe's Flash Player. Users convinced by the Trojan's icon and forged credentials are extorted for Bitcoins while their files are kept captive.

The Winsecure Ransomware uses the typical choice of 128- or 256-bit AES as its cipher for locking files on compromised Windows PCs and may attack text documents, pictures and other media formats. After it finishes locking this media, it creates two separate ransom messages: an HTML Web page and a much shorter summary in a TXT file. Both notes ask for just over three hundred USD in the Bitcoin cryptocurrency in exchange for a full decryption service (there is also a no-charge 'demo' for three samples). While the notes use English, malware experts see evidence that it isn't the native language of the unidentified threat actor.

The Bitshifter Ransomware family also includes other risks for the privacy of the PC. Malware experts find it likely that confidential information, especially passwords and the contents of any cryptocurrency wallets, could be subject to theft by the criminal who's controlling the Winsecure Ransomware's C&C server. From the current trends in the Black Hat software industry, spyware-based attacks are unusual additions to the payloads of most file-locking Trojans.

Shifting Your Files Out of Harm's Way

The fake Flash updates of the Winsecure Ransomware installers could circulate over compromised advertising networks or corrupted websites pretending to be affiliates of Adobe. In similar attacks, malware experts also find connections with threats like the Nebula Exploit Kit, which use software vulnerabilities for compromising the at-risk PCs. Disabling scripts, updating software when it's appropriate, and avoiding unsafe or unidentifiable download resources can reduce the individual's chances of exposing themselves to these infection vectors.

There is no public decryption utility that's compatible with either the old versions of the Bitshifter Ransomware or the new Winsecure Ransomware variant. Because of the risk of the encryption not being reversible, malware experts advise backing up any critical work or private media to USBs, DVDs, or cloud-based storage options. A good majority of anti-malware applications also detect and uninstall the Winsecure Ransomware automatically and can keep your files safe from any initial infection attempts.

It isn't possible to know whether the Winsecure Ransomware is another threat actor's pet project or an update of the Bitshifter Ransomware that's due to the long-term work of the first author. What's definite is that there are more reasons daily not to neglect securing your files by copying them somewhere that's more private than a PC with Web-browsing access.
