
Blend Ransomware

Posted: February 18, 2020

The Blend Ransomware is a file-locking Trojan that's part of the Ransomware-as-a-Service family of the Crysis Ransomware. The Blend Ransomware can stop files from opening by encrypting them, wipe the Windows backups, change filenames, and demand ransoms through pop-up alerts and text files. Users should let their anti-malware software uninstall the Blend Ransomware while saving backups for any recovery needs.

Copy-and-Paste Trojans Blending Up Your Files

The family of the Crysis Ransomware, equally well-known as the Dharma Ransomware, remains highly active going into the new year. Since 2016, successive updates to the Ransomware-as-a-Service have attacked the public and blocked files, through members like the Wallet Ransomware, the Arrow Ransomware, the Aa1 Ransomware and 2019's STAFS Ransomware. While the Blend Ransomware offers a brand-new name for the attacks, its methods provide more of the same, old extortion.

The signature and identifying feature of the Blend Ransomware is the encryption routine it uses for locking the victim's work and recreational files, which include documents and a wide range of other media formats, from spreadsheets to music. This AES encryption blocks the file from opening, while the Blend Ransomware also tags the filename with IDs, its e-mail address and its name. The formatting is consistent with most versions of the Crysis Ransomware, including the Phobos Ransomware branch.

The Blend Ransomware also includes the usual technique of destroying the user's backups by issuing a deletion command for the Shadow Volume Copies through the CMD utility. While this attack is less noticeable than the file-locking one, it blocks users from recovering through the Restore Points. Victims are, consequently, placed in the 'rock and a hard place' situation of considering paying the Blend Ransomware's ransom for a premium decryptor or losing their data.
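Because the shadow-copy deletion is quieter than the encryption, it is also one of the earliest points at which a defender can catch this family in process-creation telemetry. The script below is an added example, not code from this article or from the Trojan: it scans constructed, simplified process-creation records (a stand-in for Sysmon Event ID 1 or Windows 4688 fields, which is an assumption) and flags command lines that delete Volume Shadow Copies. The article only states that the deletion goes through CMD, so the specific utilities matched (vssadmin and wmic) are assumptions based on the builtin tools that perform that task, not a claim about which one this sample runs.

```python
"""Flag process-creation events that delete Volume Shadow Copies.

Added detection example for this page; not code from the article or from
the Crysis/Dharma family. Log format and command patterns are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List

# Command-line shapes that remove or starve shadow copies. These are the
# builtin Windows utilities normally used for the job; which one the
# Blend Ransomware actually calls is not stated on the page (assumption).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.IGNORECASE),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.IGNORECASE),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE),
]


@dataclass
class ProcessEvent:
    timestamp: str
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed 'key=value|key=value' record.

    Real telemetry is structured (EVTX/JSON); this flat layout is only for
    the example and assumes no '|' inside field values.
    """
    fields = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcessEvent(fields["ts"], fields["parent"], fields["image"], fields["cmd"])


def is_shadow_copy_deletion(event: ProcessEvent) -> bool:
    """True when the command line matches a known shadow-copy deletion form."""
    return any(p.search(event.command_line) for p in SHADOW_DELETE_PATTERNS)


def launched_from_cmd(event: ProcessEvent) -> bool:
    """The article describes the deletion being issued through CMD, so a
    cmd.exe parent raises confidence; backup agents rarely go through it."""
    return event.parent_image.lower().endswith("\\cmd.exe")


def scan_log(lines: List[str]) -> List[ProcessEvent]:
    """Return every event that looks like a shadow-copy deletion."""
    return [ev for ev in map(parse_event, lines) if is_shadow_copy_deletion(ev)]


# Constructed sample records (not real logs): one benign notepad launch, one
# benign 'list shadows', and two deletions spawned from cmd.exe.
SAMPLE_LOG = [
    r"ts=2020-02-18T09:14:02|parent=C:\Windows\explorer.exe|image=C:\Windows\System32\notepad.exe|cmd=notepad.exe notes.txt",
    r"ts=2020-02-18T09:14:05|parent=C:\Windows\System32\cmd.exe|image=C:\Windows\System32\vssadmin.exe|cmd=vssadmin delete shadows /all /quiet",
    r"ts=2020-02-18T09:14:06|parent=C:\Windows\System32\cmd.exe|image=C:\Windows\System32\vssadmin.exe|cmd=vssadmin list shadows",
    r"ts=2020-02-18T09:14:07|parent=C:\Windows\System32\cmd.exe|image=C:\Windows\System32\wbem\WMIC.exe|cmd=wmic shadowcopy delete",
]

if __name__ == "__main__":
    for ev in scan_log(SAMPLE_LOG):
        tag = "high" if launched_from_cmd(ev) else "review"
        print(f"[{tag}] {ev.timestamp} {ev.image} <- {ev.parent_image}: {ev.command_line}")
```

Legitimate backup software can also delete or resize shadow storage, so in production this should be a triage rule keyed on the parent process and the user context rather than an automatic block; the point is that the deletion happens before the ransom note appears, which makes it a worthwhile early alert.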

Sparing Your Work from the Blender

The Blend Ransomware provides ransom demands for victims through its family's usual method of dropping text files on the desktop and generating pop-up windows. In both cases, the victim has a week-long deadline for 'buying' the decryptor but isn't given an immediate price. Users should always have their work backed up to locations inaccessible to the Blend Ransomware and its cousins, such as a password-protected NAS, as an adequate precaution.

Malware researchers find no information in the Blend Ransomware's samples that implies its preferred distribution model. In prior attacks, threat actors have made use of spam e-mails with misleading attachments or obfuscated links, torrents, or brute-forcing admin logins to gain access to remote desktop functionality. Appropriate security standards will bar almost all of these attacks from succeeding at dropping the Blend Ransomware or giving an attacker access to your PC.

The Blend Ransomware is blending files up for unknown quantities of cash, but a Ransomware-as-a-Service is never cheap. Letting your work become a hacker's bargaining chip is a situation anyone can prevent with just a few minutes of prep work.
