Blammo@cock.li Ransomware
The Blammo@cock.li Ransomware is a file-locking Trojan with a basis in the Crysis Ransomware family, which uses an executable-generating tool for letting third parties rent a customized variant of the threat. The Blammo@cock.li Ransomware uses AES-based encryption to keep your files from opening and may compromise network-accessible devices, in addition to the local drives. Monitoring your network's security standards, having backups, and letting anti-malware programs delete the Blammo@cock.li Ransomware automatically all are appropriate responses to this threat's campaign.
The Second Shot of a Data Crisis-Causing Trojan
Ransomware-as-a-Services evolves regularly, and the family of file-locker Trojans identifiable as Crysis Ransomware is particularly exemplary of that truth. These Trojans, eventually, branched off into the Dharma Ransomware sub-group, with one threat actor choosing to create an Arrow Ransomware variant off of that. Days later, the Arrow Ransomware has another version of itself: the Blammo@cock.li Ransomware, which appears to justify its existence, primarily, through it different, ransom-collecting credentials.
Like other members of these families, the Blammo@cock.li Ransomware uses encryption with an AES-based algorithm for locking different content on a PC without showing any symptoms while it attacks. These encryption leaves the associated documents, images, and other media in a non-opening state and also may impact network-mapped drives and unmapped network shares. Malware experts recommend searching for the appended 'signature' that the Blammo@cock.li Ransomware adds to their names: an ID number, an e-mail address to the threat actor's inbox and the '.arrow' extension, just like the Arrow Ransomware.
The Blammo@cock.li Ransomware also downloads a text-based ransom message from a Command & Control server that it places on the infected computer in a high-visibility location, such as the desktop. These ransom notes usually will demand the paying of a fee via a cryptocurrency, like Bitcoin, before giving you a file-unlocking application or key. Malware experts recommend against providing any money to a threat actor who's already attacking your data and has no incentive for honoring his word.
Dodging the Next Quiver's Worth of Digital Media Attacks
RaaS Trojans are flexible in how they may distribute themselves. The threat actors who are attacking business entities or government networks may use e-mail spam for infecting a computer, and also can brute-force their way past any login security. Individual users are most likely for exposing their PCs after downloading illicit content, such as a game crack, or visiting a website running the Nebula Exploit Kit and similar, script-based threats.
The Blammo@cock.li Ransomware, the Arrow Ransomware, and other variants of both the Crysis Ransomware and the Dharma Ransomware include various methods of preventing you from restoring your locked files, such as deleting the Windows Shadow Copies. Storing your backups non-locally, and in a protected, detachable drive is an ideal way of defending your media against this family of threats. Many anti-malware programs also can delete the Blammo@cock.li Ransomware and its relatives on sight, and malware experts aren't detecting any new defensive or identity-obscuring features in this Trojan.
The Blammo@cock.li Ransomware is part of a countless number of variants of a program that any would-be con artist can create after paying a renter's price. For the people this Trojan attacks, however, the real cost is their file data.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.