With more than two hundred new strains of ransomware appearing, Avast and AVG users got to breathe a sigh of relief as hundreds of millions of them avoided the new strains. Like the Cryptolocker or Dharma virus, the new ransomware strains essentially capitalize on user error and encrypt files for a ransom. Three of these new strains are the HiddenTear, Jigsaw, and Stampado / Philadelphia viruses.
While there are already some solutions for these new threats, Avast has responded by adding even more tools to its already impressive list, allowing users to decrypt their files without paying the ransom demanded by the hackers. The released tools have also made decryption faster, cutting the time from days to minutes by brute-forcing the passwords set by the infections.
While these three variants are only now making the news, most of them have been around for a good while, especially HiddenTear, whose code is readily available on GitHub. Given the easy access, hackers have been able to modify the HiddenTear code to use a variety of file extensions that mark files as encrypted. Some include: .locked, .BUGSECCCC, .Hollycrypt, .lock, .kratos, .unlockit, and many others. As with most ransomware infections, a common text file will appear on the infected machine’s desktop once the encryption has been completed.
Stampado and Jigsaw, on the other hand, date from August 2016 and March 2016, respectively. Jigsaw takes its name from the Saw franchise’s Jigsaw killer and, in many cases, a picture of the creepy doll-like tormentor will pop up when Jigsaw hits a machine. Some notable extensions are: .kkk, .btc, .encrypted, .paymst, .hush, .fun, and many others. Unlike other ransomware strains, however, Jigsaw will delete one file per hour if the user does not pay the ransom.
Stampado has multiple versions that have been circulating on the dark web since its inception, one of which is the Philadelphia strain noted earlier. Like Jigsaw, Stampado will delete files if you don’t pay the ransom, in its case a new file every six hours. The only file extension currently associated with Stampado is the .locked extension. If you’ve found yourself the victim of any of these ransomware infections, check out Avast’s updated list of anti-ransomware tools. You might find something that can help you avoid paying the hackers.