
EasyRansom Ransomware

Posted: September 30, 2020

The EasyRansom Ransomware is a file-locking Trojan that targets Korean victims, although its payload may harm users' files in most Windows environments around the world. Victims can use unharmed backups for recovery instead of paying a Bitcoin ransom. Appropriate Windows security software also may block infection attempts and remove the EasyRansom Ransomware from already-infected PCs.

Cheap and Uncomplicated from the Perspective of an Asian Trojan

A somewhat novel file-locking Trojan favoring the Korean peninsula is making itself evident, in contrast with most competitors, whose ransom notes presume that English is the victim's language of choice. The EasyRansom Ransomware is also interesting for being unrelated to most families of similar threats with encryption features, including Ransomware-as-a-Service operations and free resources like EDA2. Its features are, nonetheless, relatively standard for this sector of the threat landscape.

The EasyRansom Ransomware targets Windows systems and uses an unremarkable, encryption-based feature for converting the user's documents and other files into copies that no longer open. Malware experts are uncertain whether the encryption's security is flawless, but can confirm that current samples don't delete the Windows Restore Points. This limitation can give victims another data recovery method besides the potential for free decryption services and, of course, offsite backups.

Other symptoms of EasyRansom Ransomware infections include a pop-up Windows message with poor English, 'easyransom' extensions on media, and a Korean text message. Translation reveals that the EasyRansom Ransomware asks for roughly one hundred USD in Bitcoins for its currently-empty wallet. The low fee is atypical of threats that compromise business entities, and any victims of this campaign are, most probably, ones that the Trojan encounters through random, non-targeted exploits.
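For triage after an infection, the 'easyransom' extension makes the damage easy to inventory and to match against an unharmed backup. The script below is an added example, not code from this article or from any vendor; it assumes the marker is the final suffix appended to the original file name (for example `report.docx.easyransom`), and all paths and file names in the demo are constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".easyransom"  # assumption: marker is appended as the last suffix


def inventory(root):
    """Walk root; return (locked files, counts by original ext, counts by dir)."""
    locked, by_ext, by_dir = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]  # file name before the marker
            ext = Path(original).suffix.lower() or "(none)"
            locked.append((Path(dirpath) / name, original))
            by_ext[ext] += 1
            by_dir[str(Path(dirpath).relative_to(root))] += 1
    return locked, by_ext, by_dir


def restore_list(locked, backup_root, root):
    """Split locked files into those with a backup copy and those without."""
    found, missing = [], []
    for path, original in locked:
        candidate = Path(backup_root) / path.parent.relative_to(root) / original
        (found if candidate.is_file() else missing).append(candidate)
    return found, missing


if __name__ == "__main__":
    # Constructed sample tree: one locked file has a backup, one does not.
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp) / "home", Path(tmp) / "backup"
        (root / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        (root / "docs" / "report.docx.easyransom").write_bytes(b"locked")
        (root / "docs" / "photo.jpg.easyransom").write_bytes(b"locked")
        (backup / "docs" / "report.docx").write_bytes(b"original")
        locked, by_ext, by_dir = inventory(root)
        found, missing = restore_list(locked, backup, root)
        print("locked files:", len(locked), dict(by_ext), dict(by_dir))
        print("restorable from backup:", [str(p) for p in found])
        print("no backup copy:", [str(p) for p in missing])
```

Files reported under "no backup copy" are the ones to look for in Windows Restore Points, which the article notes current samples leave intact.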

The Easier Ways of Avoiding Trojan Robbery

The EasyRansom Ransomware offers cues that its campaign is a low-end one whose administrator is an inexperienced threat actor. Besides the details above, it also lacks features for terminating security tools or processes that could interfere with the encryption, lacks website support, and recommends that victims send all encrypted files over e-mail for unlocking. The last point is especially telling, since it makes the EasyRansom Ransomware wholly unsuitable for servers and other targets with large quantities of file data.

Users should be attentive to any infection vectors for this threat. Malware experts note a high chance of the EasyRansom Ransomware circulating through torrents with disguises such as fake movies or game-cheating tools. The Trojan also could install itself through relatively more esoteric methods like spam e-mails, brute-force attacks against weak passwords or browser threats like the RIG Exploit Kit.

Traditionally strong anti-malware products will block most attacks, where applicable. They also can uninstall the EasyRansom Ransomware from compromised Windows systems, if required.

The EasyRansom Ransomware is a laid-back attempt at building a Trojan that makes a little money for doing nothing of value. That it anticipates being on computers in South Korea is a fair warning for anyone in the area. Still, those in other countries should remember their vulnerabilities and compensate for them, too. 
