
2NEW Ransomware

Posted: January 28, 2020

The 2NEW Ransomware is a file-locker Trojan that comes from a Ransomware-as-a-Service known as the Dharma Ransomware. This family is well-known for blocking media files and ransoming them through a premium decryption service, as well as instigating other anti-security attacks. Users should protect their data with properly-saved backups and use anti-malware products for eliminating the 2NEW Ransomware upon its detection.

A Trojan that's Too New to Handle

Hiring a Ransomware-as-a-Service family is a daily routine that, besides the fees paid to the family's creators, involves less visible operations. Each campaign creates new e-mail accounts for handling negotiations and employs any of a series of exploits for dropping variants of the baseline file-locking Trojan. The Dharma Ransomware is one of the more frequently used businesses in the RaaS sector and is now producing a newborn 2NEW Ransomware, although how it's traveling is anyone's guess.

Although there are reports of the Trojan being in the wild, the 2NEW Ransomware has no significant samples available for analysis and could be circulating through any of several tactics. E-mail attachments doubling as phishing lures are especially common among file-locking Trojans, but torrents and even brute-force attacks that crack admin logins directly are also known vectors. As with most Ransomware-as-a-Service families, and even freeware competitors like Hidden Tear, the 2NEW Ransomware endangers the documents, pictures, and other media on Windows-based systems.

Along with its AES encryption, which performs the bulk of the work of 'locking' files and preventing them from opening, the 2NEW Ransomware also appends extensions in the classic Dharma Ransomware format. This compound extension includes an ID, an e-mail address in brackets, and the '2NEW' string that's the origin of the Trojan's name. Victims also can use the ransom notes to identify the infection; these include an elaborate Web page-style pop-up and a simple TXT text file.
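As an added illustration (not code from the original article), the compound extension described above can be parsed to triage a directory listing during incident response. The exact layout assumed here, `<name>.id-<ID>.[<e-mail>].2NEW`, including the `id-` prefix and the ordering, is an assumption; the page only states that the extension contains an ID, a bracketed e-mail address and the '2NEW' string. The sample file names, ID and address are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed layout of the compound extension: <original name>.id-<victim ID>.[<e-mail>].2NEW
# The "id-" prefix and the ordering are assumptions; the page states only the three parts.
DHARMA_2NEW_RE = re.compile(
    r"""^(?P<original>.+?)                # original name, including its own extension
        \.id-(?P<victim_id>[A-Za-z0-9]+)    # per-victim identifier
        \.\[(?P<email>[^\]\s]+@[^\]\s]+)\]  # attacker contact address in brackets
        \.2NEW$                             # family marker that names the Trojan
    """,
    re.VERBOSE,
)

@dataclass(frozen=True)
class LockedFile:
    original_name: str
    victim_id: str
    contact_email: str

def parse_locked_name(name: str) -> Optional[LockedFile]:
    """Return the parts of a 2NEW-style file name, or None if it does not match."""
    m = DHARMA_2NEW_RE.match(name)
    if m is None:
        return None
    return LockedFile(m["original"], m["victim_id"], m["email"])

def triage_listing(names: List[str]) -> Tuple[List[LockedFile], List[str]]:
    """Split a directory listing into parsed locked files and untouched names."""
    locked, clean = [], []
    for n in names:
        parsed = parse_locked_name(n)
        if parsed is not None:
            locked.append(parsed)
        else:
            clean.append(n)
    return locked, clean

def campaign_indicators(locked: List[LockedFile]) -> set:
    """Distinct (victim ID, contact e-mail) pairs; one pair means one campaign on the host."""
    return {(f.victim_id, f.contact_email) for f in locked}

# Constructed sample listing; the ID and address are placeholders, not real indicators.
SAMPLE_LISTING = [
    "budget.xlsx.id-1A2B3C4D.[contact@example.com].2NEW",
    "photo.jpg.id-1A2B3C4D.[contact@example.com].2NEW",
    "notes.txt",
    "report.docx.2NEW",   # marker alone, not the full compound extension
]
```

Recovering the original name from each locked file lets responders inventory what was hit and match it against backups without waiting for a decryptor.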

Getting Some Safety from the Newest Trojan Updates

Although the 2NEW Ransomware is fresh to the threat landscape as of late January, the business paradigm it runs under is a well-established one. Similar campaigns with all but identical attacks are running out of the same family, such as the variants of the Devil Ransomware, the Xda Ransomware, the Jack Ransomware and the Sepsis Ransomware. In all cases, malware researchers recommend the same essential procedures for preventing and reducing problems from infections:

  • Be careful around e-mail attachments in work environments, such as supposed invoices or fax notifications. Exploits for vulnerabilities in outdated software, or embedded macros, can drop threats like the 2NEW Ransomware.
  • Install security patches to keep the presence of vulnerabilities to a minimum.
  • Use passwords that a threat actor can't brute-force. Examples of weaker passwords to avoid include brand-specific defaults and commonly-used values like 'admin123' or 'password1'.
  • Always maintain strict control over remote admin features like RDP.

Anti-malware utilities from most vendors will delete the 2NEW Ransomware and similar derivatives of the Dharma Ransomware business. Unfortunately, decryption is more complicated than disinfection, and malware experts see no free recovery solutions for this Trojan.

The 2NEW Ransomware might be new, but it's just a label and account swap on a program whose norms are more than thoroughly explored. Anyone falling for a file-ransoming attack, arguably, deserves it, since the backups that prevent them can be established quickly anywhere.
