Assembly Ransomware
The Assembly Ransomware is a variant of Hidden Tear, a file-locking threat that uses the AES encryption for making your files unusable. Although there are free decryption solutions for these attacks, the Assembly Ransomware drops ransom notes persuading their victims into paying money for a premium file-unlocking service. Victims should disregard these messages and have their anti-malware products remove the Assembly Ransomware to eliminate any chances of future data loss.
Hidden Tear Comes out of Hiding Again
A threat actor is putting the source code authored by Utku Sen for, theoretically, academic purposes to commit harmful actions with another version of Hidden Tear. This Trojan, the Assembly Ransomware, is one of a long-running series of threats using the Hidden Tear project's features for holding files hostage and waiting for their victims to pay ransoms. While malware analysts aren't finding any evidence of the Assembly Ransomware in active deployment, it is ready for release and could launch its campaign at any time.
Like the 2018's Cyberresearcher Ransomware, the Scarab-XTBL Ransomware, the Sorry HT Ransomware, or last year's Cryp70n1c Ransomware, the Assembly Ransomware uses the AES encryption (with a 256 key length and Cipher Block Chaining mode) for blocking your files. Examples of easily-targeted content with Hidden Tear familial threats include Word documents, Excel spreadsheets, JPG pictures, ZIP archives, and locations like the desktops and the Downloads directory. While the Assembly Ransomware launches this attack without requiring any consent, malware analysts emphasize that free decryptors for Hidden Tear should counteract the Trojan's encryption and restore your media.
The Assembly Ransomware's authors also made minimal changes to the ransoming note that the Trojan creates, by default, which is a Notepad file. The majority of the contents of the message is recycled text from other Trojan campaigns but includes a Bitcoin wallet address and a demand for one thousand USD in that cryptocurrency. Since paying guarantees nothing and there are free alternatives, all victims should ignore these instructions.
Keeping Overpriced Trojans from Having Free Reign over Your Files
The Assembly Ransomware does remove the Shadow Volume Copies that could help the users restore their files without needing any third-party help but makes no efforts at securing Hidden Tear's traditionally non-secure cryptography. Contact an appropriate member of the cyber-security community for any additional assistance with free decryption, which should recover all of your files without requiring any payments. The Assembly Ransomware appends the '.locked' extension to the names of the data that it holds hostage, which users can search for to determine what content requires restoring.
The Assembly Ransomware infections have yet to be visible in live environments, and its threat actors may not be deploying it, as of mid-April. If they do so, the Assembly Ransomware could circulate itself by several means, including spam e-mails, corrupted website scripts, or brute-force attacks for hacking network passwords. Most anti-malware programs can provide some degree of safety from the majority of infection methods or delete the Assembly Ransomware without letting it attack your files.
Hidden Tear will not go anywhere while users don't back up their media and cryptocurrencies are profitable. The best way to keep variants of this Trojan family from re-emerging is to protect your files and ignore the overpriced ransoms of copy-and-paste threats like the Assembly Ransomware.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.