
Zorgo Ransomware

Posted: April 28, 2020

The Zorgo Ransomware is a file-locking Trojan that bases most of its code on the pseudo-free Hidden Tear project. Users without backups may lose digital media such as documents or pictures to its encryption and ransoming attempts. However, many professional anti-malware products will identify and delete the Zorgo Ransomware before it can encrypt any files.

Stressing the Wrong Target with Faux Server Tools

Hidden Tear has a rich history of unintentionally enabling criminal behavior from threat actors who can't afford the usual Ransomware-as-a-Service options. From the CyberThanos Ransomware and EncoderCSL Ransomware to yesteryear's Yatron Ransomware and Marozka Ransomware, its code keeps getting re-imagined for attacking innocent PC owners and locking up their files. The common factor among all these variants is, usually, money, as the latest one, the Zorgo Ransomware, also exemplifies.

The Zorgo Ransomware is, as usual, a Windows program, but not an honestly-named one. Malware analysts are finding samples whose file description claims that the executable is a Distributed-Denial-of-Service (DDoS) tool from the 'StressThem' company. Although such server-crashing products are cheap on the dark Web, they're not free, which gives the Zorgo Ransomware a possible infection vector. Although the guise includes falsified copyright details, there is no digital signature (which would be expensive for most threat actors).

The predominant feature of the Zorgo Ransomware is the encryption routine that it borrows from Utku Sen's Hidden Tear. This AES-based attack converts files into unopenable ones while appending a 'zorgo' extension to their names (without removing the original extension). The Zorgo Ransomware then commences an attempt at profiteering by way of a text message that, unprofessionally, asks for payment through PayPal instead of the more usual Bitcoin or prepaid vouchers.
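The appended-extension behaviour described above gives responders a simple triage signal. The following is an added, hypothetical helper (not code from the Zorgo Ransomware or the Hidden Tear project) that walks a folder, recovers the original extension from each '*.zorgo' name, and checks whether the file's leading bytes still match that type's signature; it assumes, as the write-up states, that the original extension stays in place under the appended one.

```python
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".zorgo"  # appended to the name; the original extension stays in place

# Leading bytes of a few common formats (constructed, deliberately short lookup).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04"}

def triage(root):
    """One record per *.zorgo file under `root`: the extension that survives under
    the appended one, and whether the file still starts with that type's magic
    bytes (True means renamed only; AES output would not preserve the header)."""
    hits = []
    for path in sorted(Path(root).rglob(f"*{ENCRYPTED_EXT}")):
        if not path.is_file():
            continue
        orig_ext = Path(path.stem).suffix.lower()  # .stem drops only the trailing .zorgo
        with open(path, "rb") as fh:
            header = fh.read(8)
        magic = MAGIC.get(orig_ext)
        hits.append({"path": str(path.relative_to(root)),
                     "orig_ext": orig_ext or "(none)",
                     "header_intact": magic is not None and header.startswith(magic)})
    return hits

def summarize(hits):
    """Affected-file count per original extension, for the incident report."""
    return dict(Counter(h["orig_ext"] for h in hits))

def build_sample_tree():
    """Constructed stand-in for a victim's Documents folder (sample data, not real files)."""
    root = Path(tempfile.mkdtemp(prefix="zorgo_triage_"))
    (root / "sub").mkdir()
    # Encrypted-looking: original header replaced by opaque bytes.
    (root / "report.pdf.zorgo").write_bytes(bytes(range(100, 164)))
    (root / "sub" / "budget.docx.zorgo").write_bytes(bytes(range(100, 164)))
    # Renamed only: PNG signature still present, so this one needs no decryptor.
    (root / "photo.png.zorgo").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\0" * 56)
    (root / "untouched.txt").write_bytes(b"not affected")
    return str(root)

if __name__ == "__main__":
    hits = triage(build_sample_tree())
    for hit in hits:
        print(hit)
    print(summarize(hits))
```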

Walking off a Crash Course in Downloading Safety

While Hidden Tear isn't the most secure choice for locking files, threat actors may modify it with additional security on a whim. As a last resort, users can make copies of the encrypted files to test their compatibility with free decryptors. As a first resort, malware researchers urgently recommend having a backup, especially one kept on another PC, cloud service, or storage device.

Importantly, the Zorgo Ransomware's campaign highlights the problems of seeking out illicit software, whether for internal testing, curiosity or harmful intent. Sources of hacking-themed software include torrents, rotating independent 'warez' domains and even some blogs. Users who avoid illicit downloads and scan their legitimate ones with appropriate security services will reduce their risk of falling for the Zorgo Ransomware's tactic to nil.

The Zorgo Ransomware ends its ransom note with a line that suggests that there is a personal motive in its creation. While it may be no more than a gag, it's just as harmful as any business-like Ransomware-as-a-Service, and victims should treat it accordingly.
