
Zoldon Ransomware

Posted: August 10, 2018

The Zoldon Ransomware is a file-locking Trojan that can keep your documents, pictures, and other media from opening, as well as display pop-up ransoming messages. This threat also falsely claims to be a computer virus (a program that injects its code into other files to self-replicate) and to be capable of uploading the locked files to the Web. Let an updated anti-malware product delete the Zoldon Ransomware from an infected computer, and always keep backups to reduce the chance of long-term file damage from threats of this type.

Trojans with Spare Threats Backing Up Their Extortion

Since file-locking Trojans inherently come with some degree of bargaining collateral in their attacks, many threat actors are 'honest' and do no more than demand money for their assistance with the unlocking process. This trend is, however, not universal, and malware researchers are seeing a new and independent Trojan of this classification that lies for more leverage. The Zoldon Ransomware's ransom note includes multiple fraudulent claims, in addition to the data-encrypting attacks that all file-locking Trojans possess.

The Zoldon Ransomware is a Windows-based program of a slightly larger size than most file-locker Trojans, at one and a half megabytes. Locations at risk of having their files encrypted and locked by the threat include the desktop and all User folders, such as Downloads or Favorites. It doesn't make any filename changes, such as the new extensions that most file-locking Trojans use.
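
Because the Trojan leaves filenames and extensions untouched, finding which files were locked means inspecting their content rather than their names. The following Python script is an added example, not part of the original article or of any vendor tool; it assumes (the article does not say) that an encrypted file loses its format signature and looks random, and the names SIGNATURES, looks_locked and scan are hypothetical.

```python
import math
import os
import sys
from collections import Counter
from pathlib import Path

# Well-known leading signatures (magic bytes) for common document/media types.
ZIP, JPEG = [b"PK\x03\x04"], [b"\xff\xd8\xff"]
SIGNATURES = {
    ".pdf": [b"%PDF-"], ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": JPEG, ".jpeg": JPEG, ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP,
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean random-looking content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_locked(path: Path, sample_size: int = 4096, threshold: float = 7.0) -> bool:
    """True when a known extension has lost its signature AND looks random."""
    expected = SIGNATURES.get(path.suffix.lower())
    if expected is None:
        return False  # unknown type: nothing to compare against
    with path.open("rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(sig) for sig in expected):
        return False  # signature intact (assumption: file was not encrypted)
    # Files under ~128 bytes cannot reach the threshold and are not flagged.
    return shannon_entropy(head) >= threshold

def scan(root: Path) -> list[Path]:
    """Walk root and return suspect files, skipping unreadable ones."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            candidate = Path(dirpath) / name
            try:
                if looks_locked(candidate):
                    hits.append(candidate)
            except OSError:
                continue  # in use or permission denied
    return sorted(hits)

if __name__ == "__main__":
    for hit in scan(Path(sys.argv[1])):  # e.g. a copy of the user profile
        print(hit)
```

Run it read-only against a copy or mounted image of the affected profile; the resulting list tells you which files to restore from backup.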

The Trojan finishes with a screen-locking pop-up in an advanced HTML format. Besides giving its Bitcoin-ransoming instructions, the note is significant for identifying the Zoldon Ransomware as being a virus (which it is not), and establishing a seventy-two-hour countdown before the threat actor publishes the user's misappropriated information to the Web. While malware experts are connecting the Zoldon Ransomware's payload with the use of a misappropriated SpyGate RAT logo, they confirm that it doesn't, in reality, upload data or launch any significant attacks beyond the above. The timer is, as it is with most Trojans that aren't variants of the deletion-capable Jigsaw Ransomware, a bluff.

Keeping the Foothold of Fraud from Your Files

The Zoldon Ransomware's disingenuous assertions also include how it distributes itself, as of the last samples that malware experts examined. Its threat actor is circulating the Zoldon Ransomware's installer as a fake Bitcoin-mining application and may have this executable hosted on a compromised website or be using torrenting. Regardless of its name, many anti-malware products are detecting the Zoldon Ransomware appropriately, although most brands haven't developed a specific identification entry for it, and classify it as being a generic Trojan.

Malware researchers haven't reached conclusions on whether or not decrypting any files that the Zoldon Ransomware locks is possible with third-party software. While any victims can ignore the Zoldon Ransomware's timer, their data may remain unusable. Backing it up to other devices, such as detachable USBs or cloud storage, can keep your media secure from these attacks. Anti-malware products may uninstall the Zoldon Ransomware to halt the encryption damage safely, although users may first need to reboot with a recovery device or the Windows Safe Mode feature.

The Zoldon Ransomware offers many reasons to distrust its word but doesn't let that stop it from lying to its victims from multiple angles. Never forget that file-locking Trojans are after profit and have no reason to be honest about their behavior or the consequences of ignoring their ransoms.
