
'.aqva File Extension' Ransomware

Posted: February 21, 2019

The '.aqva File Extension' Ransomware is a new version of the Dharma Ransomware, a branch of the Crysis Ransomware family. As in previous attacks, the '.aqva File Extension' Ransomware endangers your files by encrypting them and holding them for ransom, with the threat actor offering decryption help at a price, such as several hundred dollars in Bitcoins. Backing up work to other PCs is a critical defense against these file-locking Trojans, although many anti-malware programs can isolate and remove the '.aqva File Extension' Ransomware by default.

Beware of Pictures from Strangers

It's not surprising that Ransomware-as-a-Service threats like the Crysis Ransomware family remain profitable. Threat actors can rent variants like the Heets Ransomware, the KARLS Ransomware, the Bizer Ransomware, and the '.cccmn File Extension' Ransomware without any programming experience; they only need to distribute the file-locking Trojan. Another member, the February-born '.aqva File Extension' Ransomware, shows clearly how that distribution is happening.

The '.aqva File Extension' Ransomware's executable is circulating inside a ZIP archive labeled 'My Pictures.' Such disguises are typical of attacks that arrive through e-mail or through compromised social networking and instant messaging accounts, where the file may be sent to all contacts indiscriminately. Once it infects the computer, malware experts rate the '.aqva File Extension' Ransomware as being as threatening to one's data as any other version of this RaaS family.
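As an added example (not part of the original article and not taken from any security product), the following Python sketch shows how a mail gateway or analyst could triage a 'pictures' archive before anyone opens it, by flagging members that Windows would run. The extension lists, function names and sample member names are assumptions constructed for illustration; the archive here holds harmless byte stubs.

```python
import io
import zipfile

# Extensions Windows runs on double-click (non-exhaustive, chosen for this example).
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
IMAGE = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def suspicious_members(zip_bytes):
    """Return {member name: [reasons]} for archive entries that can execute."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Use the base name only; Windows ignores trailing dots and spaces.
            base = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            exts = ["." + part for part in base.split(".")[1:]]
            reasons = []
            if exts and exts[-1] in RUNNABLE:
                reasons.append("runnable extension " + exts[-1])
                if len(exts) > 1 and exts[-2] in IMAGE:
                    reasons.append("image name hiding real extension")
            # Encrypted entries cannot be read without the password; skip content check.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        reasons.append("MZ header (Windows executable)")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive: harmless byte stubs, no real program inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("My Pictures/beach.jpg", b"\xff\xd8\xff\xe0 constructed jpeg stub")
        zf.writestr("My Pictures/party.jpg.exe", b"MZ constructed stub")
        zf.writestr("My Pictures/sunset.png", b"MZ constructed stub, image name")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

Checking the first bytes as well as the name catches a member that keeps an image extension but carries executable content.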

The '.aqva File Extension' Ransomware locks files by encrypting them and appends the extension from its name as a simple identifier for the victim. The family also removes the Shadow Volume Copies that Windows might otherwise use to restore the locked files to their earlier state. By the time the victim sees the most visible symptom, the '.aqva File Extension' Ransomware's text and Web page ransom messages, most of the PC's media will be unreadable.

A Picture of a Defense against the RaaS Black Market

Compromised messaging or social accounts should always have their login and security question information changed ASAP to prevent any further spread of threats like the '.aqva File Extension' Ransomware, which criminals may deliver via Web links or direct attachments. While some cyber-security products may struggle with threats enclosed in archives, most anti-malware tools should have few problems identifying members of the Crysis Ransomware family. Users can also update their security products' databases for better accuracy.

Malware experts classify the '.aqva File Extension' Ransomware as a threat only to Windows machines, although similar file-locker Trojans are targeting OS X and Linux. Because free decryption is very unlikely, users should be careful to save documents and other media onto devices that these threats can't attack. Anti-malware products, while invaluable for uninstalling the '.aqva File Extension' Ransomware or stopping an infection, can't unlock these files.

It's a boon to the cyber-security community that the '.aqva File Extension' Ransomware shows such obvious signs of how the infection stage of its campaign succeeds. Even those who aren't mindful about what 'pictures' they open can still keep it from being profitable, as long as they have a backup or two.
