
Berosuce Ransomware

Posted: July 18, 2019

The Berosuce Ransomware is a file-locking Trojan that's part of the STOP Ransomware family. This family can use torrents, among other methods, for compromising PCs, and locks the media files on them afterward. Users should ignore the ransom demands until all other recovery options are ruled out, and have dedicated anti-malware tools available for uninstalling the Berosuce Ransomware.

The Update Train on the STOP Ransomware isn't Stopping

Evidence of the continuing and rapid development of the STOP Ransomware family remains undeniable, with new variants of the threat being verified nearly every day. Very recent examples of this group of file-locker Trojans include the Godes Ransomware, the Besub Ransomware, the Litar Ransomware, and the subject of this article, the Berosuce Ransomware, although variants go back as far as mid-2018's '.CONTACTUS File Extension' Ransomware. The Berosuce Ransomware boasts the newest version number, but malware researchers see no overall changes in the victim-facing side of its payload.

The Berosuce Ransomware, which the threat actor labels as version 1.17, is a Windows Trojan that uses AES encryption for locking files on the victim's computer. Its attacks can include significant changes to filenames, such as adding custom extensions, as well as encrypting the internal data to stop the file from opening. More importantly, it also secures this encryption with a remote or local code, depending on whether or not it can connect to its server.

Standard features of the Berosuce Ransomware's family account for and wipe most locally stored backups. There is also an underutilized Trojan downloader component in some of the STOP Ransomware infections that may drop spyware or other threats. Regardless of any damage, the Berosuce Ransomware's primary goal is profiting by forcing the victim's compliance with its Notepad ransom instructions for the file unlocker.

What You can Do against the Newest Versions of Old Trojans

There are limited free decryption options for the STOP Ransomware's new versions, including the Berosuce Ransomware variant. Users have the best chances of getting their files back if they save secure backups beforehand, such as by storing additional copies on detached USB drives or with a cloud service. Although desperate victims can consider paying the ransom, most file-locking Trojans' campaigns specify payment routes that disallow refunds for fraud, for self-evident reasons.

Server administrators can tighten their security against potential attackers by using unique and sophisticated passwords, updating software, and turning off risky features like Remote Desktop administration. Average users are, however, more likely to encounter torrents or other illicit download-based infection vectors for the STOP Ransomware family. Key generators, cracks, and copyright-infringing downloads are traditional ways for this family to compromise a new PC, although most security products should identify their associated Trojan droppers.

Users with anti-malware protection can always delete the Berosuce Ransomware upon its detection or disinfect their PCs after an attack.

A file on your computer is only as safe as how you store it. Trojans like the Berosuce Ransomware hope, each day, that the average Windows user will forget that incredibly vital fact.
