Anti-Capitalist Ransomware

The Anti-Capitalist Ransomware is a French variant of the Jigsaw Ransomware, a file-locking Trojan that, also, can delete your files under multiple conditions. The users may see pop-ups, filename changes, and other symptoms alongside the widespread locking of their data through encryption. Backing up your work to other devices will keep it as safe as possible from these attacks, and many anti-malware products should delete the Anti-Capitalist Ransomware without any issues.

Yesteryear's Trojan Comes Back with a Political Bent

The Jigsaw Ransomware family that garners more than a little attention for attacks that involve both encrypting and outright erasing media is arising again through the new variant of the Anti-Capitalist Ransomware. The customization of this movie-franchise-based Trojan is commonplace (see: the '.spaß File Extension' Ransomware, the Jigsaw-Dat Ransomware, the '.invaded File Extension' Ransomware, the Ramsey Ransomware, et al.) throughout the threat industry. While the Anti-Capitalist Ransomware makes little effort at hiding its family line, its author is making it pull double-duty as a political statement.

The Anti-Capitalist Ransomware's installer is pretending that it's a version of the Mozilla's Firefox browser. Running the program in unprotected Windows environment endangers the PC's media files, such as most formats of text documents, images, and other, generic data. Its background encryption routine will block these files with an AES-derived algorithm while adding on '.fun' extensions in their names. This attack is asymptomatic up until the conclusion, at which point, the Anti-Capitalist Ransomware loads its pop-up.

What makes the Anti-Capitalist Ransomware different from the old versions of the Jigsaw Ransomware is its switch to poorly-translated French. This alteration is one that malware analysts are suggesting as being the author's translation, instead of the output of an automated tool like Google Translate. Another change is the new background: instead of the Saw movie mascot, the victims see an anti-capitalism logo. No other political information appears in the rest of the otherwise standardized note, however.

Don't Let Your Files Get Swept Up in a Trojan's Politicizing

Attacks by the Anti-Capitalist Ransomware are even more threatening to those with no experience against file-locker Trojans than those of a 'typical' threat. The Anti-Capitalist Ransomware, like other Jigsaw Ransomware branches, can delete files whenever the countdown in its ransom window hits zero. It also includes a failsafe that wipes even more media after launching from a system reboot. Malware researchers recommend against restarting the computer until appropriate measures are in place for disabling all threats, such as Safe Mode or an emergency bootup disk explicitly.

Free decryption tools are available for some of the lower-level families of file-locker Trojans, including the Anti-Capitalist Ransomware's group. Victims could use that software for 'unlocking' their files without paying or contacting a researcher in the PC security industry for their help. However, no after-the-fact solution supplants the dependability of a backup, and the users always should let trusted anti-malware programs uninstall the Anti-Capitalist Ransomware.

The pretense of it being a browser doesn't save the Anti-Capitalist Ransomware from the threat-detecting capabilities of all AV and anti-malware products virtually. Whether one finds it in France, Chad, Canada, or somewhere else, the Anti-Capitalist Ransomware is another Trojan's campaign that a minimum of security measures can counter.