
Woodrat Ransomware

Posted: October 8, 2020

The Woodrat Ransomware is a file-locking Trojan without any known family or Ransomware-as-a-Service connections. The Woodrat Ransomware blocks media files with encryption and holds them hostage until victims pay the ransom in Monero coins, a cryptocurrency. Users should withhold the ransom and recover from backups if they can, and use dedicated anti-malware solutions to remove Woodrat Ransomware infections.

A Rat by Any Name is a Reason for Good PC Security

While malware researchers see no 'true' RAT, or Remote Access Trojan, in the Woodrat Ransomware, its campaign shows other ways of endangering users whose PCs are exposed to this threat. The Trojan is yet another entry in the sub-category of independent file-locker Trojans, demonstrating how easily even novice programmers can implement encryption-based attacks. Although it has a few differences from standardized Trojans, the Woodrat Ransomware is a Windows program with an unusually large, nearly six-megabyte installer, in stark contrast to the sub-megabyte executables of the average Ransomware-as-a-Service. Details that malware researchers note in its early (possibly test build) samples include non-obfuscated HTTP requests and CMD-based command routines. More tellingly than these minor features, it also wields an encryption routine.

The Woodrat Ransomware's data encryption blocks files of formats that the threat actor selects, with most media like documents or pictures being very likely targets. Identifying the non-opening files afterward is straightforward thanks to the Trojan's adding 'woodrat' extensions without making other modifications to the names.

Its payload includes a traditional but uniquely worded ransom note: a text file with English and Chinese instructions. The Trojan solicits victims for Monero payments instead of the archetypal Bitcoin ones, and sets a flexible price that rises over days to nearly one thousand USD in value. Accordingly, panicking victims have an incentive to pay before considering other solutions that may not cost money, such as freeware decryptors and the Shadow Volume Copy recovery tools.

Preventing Digital Media from Going Wooden

Since malware researchers haven't confirmed whether or not the Woodrat Ransomware's encryption is secure, third-party recovery isn't necessarily out of reach for victims who don't rush to pay ransoms. Still, the encryption in most file-locker Trojans is secure. Windows users can save backups to other devices as an effective way of removing any extortionist leverage from these attacks, whether they're from an independent campaign, a free resource spin-off or a Ransomware-as-a-Service.
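The 'woodrat' extension marker and the backup advice above can be combined into a recovery inventory. The following Python sketch is an added example, not code from the original page or from any vendor tool; it assumes the marker is appended as `.woodrat` and that the backup tree mirrors the live tree's layout, and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".woodrat"  # assumption: the extension is appended to the unchanged name

def original_name(file_name):
    """Return the pre-encryption name, or None if the file is not marked."""
    if file_name.lower().endswith(MARKER) and len(file_name) > len(MARKER):
        return file_name[: -len(MARKER)]
    return None

def inventory(root, backup_root=None):
    """Walk root, list marked files, and check for a copy under backup_root."""
    root = Path(root)
    report = {"by_type": Counter(), "restorable": [], "missing": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue  # not renamed by the Trojan
            rel = (Path(dirpath) / orig).relative_to(root)
            report["by_type"][rel.suffix.lower() or "(none)"] += 1
            has_backup = (backup_root is not None
                          and (Path(backup_root) / rel).is_file())
            key = "restorable" if has_backup else "missing"
            report[key].append(rel.as_posix())
    report["restorable"].sort()
    report["missing"].sort()
    return report

def demo():
    """Constructed sample: two marked files, one clean file, one backup copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (live / "docs" / "report.docx.woodrat").write_bytes(b"x")
        (live / "photo.JPG.WOODRAT").write_bytes(b"x")
        (live / "notes.txt").write_bytes(b"clean")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        return inventory(live, backup)

if __name__ == "__main__":
    print(demo())
```

Files listed under `missing` have no backup copy and are the ones to preserve untouched in case a decryptor becomes available.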

The Woodrat Ransomware's campaign uses uncertain infection methods, but most file-locker Trojans adhere to certain norms for their installation exploits. As a rule, malware experts recommend guarding against attacks from the following sources:

  • Illicit downloads (cracks and cheat engines for games, copyright-protected movies, etc.)
  • Brute-force attacks against weak account passwords
  • E-mail attachments (which may disguise themselves as invoices, security updates or other documents)

Most users can protect themselves effectively by maintaining safe Web-browsing behavior, updating software dutifully, and backing their work up to other storage devices. Trustworthy anti-malware vendors boast solutions that should flag and eliminate the Woodrat Ransomware as a threat.

Besides being an apparently-Chinese dual-linguist, the Woodrat Ransomware has few factors that make it different from, for example, the infamous Hidden Tear. Even so, users taking their files' well-being too laxly can find themselves harshly corrected by 'amateur' Trojans like this one.
