
Brusaf Ransomware

Posted: August 7, 2019

The Brusaf Ransomware is a file-locking Trojan from the STOP Ransomware family, which operates as Ransomware-as-a-Service. It encrypts your files to lock them, erases backups, and drops text messages with ransom demands for the unlocker. Users should let their anti-malware tools block installations or uninstall the Brusaf Ransomware, and keep backups for recovering any documents or other content.

The Rise of Indonesia's File-Ransoming Tsunami

Indonesia is a nation that's at risk for an intimidating range of natural disasters, including flooding, earthquakes and tsunamis. However, malware experts continue to see data pointing to a cyber-economy-based threat to the region: file-locking Trojans from the STOP Ransomware family. New campaigns from these threats, including the Lotej Ransomware, the Masok Ransomware, the Litar Ransomware, and the Brusaf Ransomware, are all successfully capturing media from victims in this part of the world.

The Brusaf Ransomware is a newer build than its fellow file-locking Trojans, but malware researchers find no updates to the program's core behavior. It searches for content that it can encrypt using AES, which stops the document, picture, or other media from opening. Victims can identify this variant of the STOP Ransomware family by the 'brusaf' extension that it adds to the captive data's name, as well as by any minor changes in ransom-related addresses.

Because the Brusaf Ransomware secures its encryption effort with an RSA-2048 key, recovery solutions for anything that it locks are limited. Malware researchers recommend backing up one's work to other devices, since the Brusaf Ransomware can always delete or encrypt local backups. However, there is a chance that if the Brusaf Ransomware's Internet connection to its C&C is interrupted in time, the Trojan can default to a less-secure code that's compatible with a public decryption application.
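The 'brusaf' extension and the backup advice above can be combined into a quick triage step. The following Python sketch is an added example, not code from this article or from any vendor tool: it inventories files carrying the appended extension and checks which originals still exist in a backup. It assumes the backup mirrors the scanned folder's layout; the names triage and build_demo are hypothetical, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".brusaf"  # extension the article says this variant appends


def triage(scan_root, backup_root=None):
    """Inventory files carrying the appended suffix and match them to backups.

    Returns the locked files (by original name), a count per original file
    type, and which originals exist or are missing under backup_root.
    Assumption: backup_root mirrors the directory layout of scan_root.
    """
    scan_root = Path(scan_root)
    locked, by_type, restorable, missing = [], Counter(), [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            # Case-insensitive match; the suffix is appended to the full name,
            # so "report.docx.brusaf" was originally "report.docx".
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            original = name[: -len(LOCKED_SUFFIX)]
            if not original:  # a file literally named ".brusaf"
                continue
            rel = (Path(dirpath) / original).relative_to(scan_root)
            locked.append(rel)
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            if backup_root is not None:
                target = Path(backup_root) / rel
                (restorable if target.is_file() else missing).append(rel)
    return {"locked": sorted(locked), "by_type": dict(by_type),
            "restorable": sorted(restorable), "missing": sorted(missing)}


def build_demo():
    """Constructed sample tree (not real victim data) for an offline run."""
    base = Path(tempfile.mkdtemp())
    home, backup = base / "home", base / "backup"
    (home / "docs").mkdir(parents=True)
    (backup / "docs").mkdir(parents=True)
    for rel in ("docs/report.docx.brusaf", "docs/photo.JPG.BRUSAF", "notes.txt"):
        (home / rel).write_bytes(b"constructed")
    (backup / "docs/report.docx").write_bytes(b"constructed")
    return home, backup


if __name__ == "__main__":
    home, backup = build_demo()
    for key, value in triage(home, backup).items():
        print(key, value)
```

Run it against a read-only mount or a disk image of the affected machine, with the backup attached separately, so the backup is never exposed to a system where the Trojan may still be active.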

Closing the Shores of Island Nations to Trojans

Ransomware-as-a-Service families use rental distribution models and can circulate in any way that the hiring threat actor desires. In old campaigns from the Brusaf Ransomware's family, malware experts find samples gaining access to Windows PCs by seeding themselves as torrents for game cracks and similar illicit content. Users can exercise appropriate Web-browsing behavior and scan new files from less-reputable sources to avoid compromised executables that would install this Trojan or other versions of the STOP Ransomware.

Although the Brusaf Ransomware is targeting Indonesians, encryption is a universal peril to any user with important files. Maintaining backups on cloud services or removable devices will help separate one's data from any potential attacks by the Brusaf Ransomware or competing Trojans. A minority of attacks will leave behind Restore Point-related information for recovery, although malware experts recommend against counting on this possibility with the STOP Ransomware releases.

Nearly all anti-malware programs will identify threats from this family and should experience limited difficulties with deleting the Brusaf Ransomware while scanning your computer.

Threats to island nations can be colorfully diverse, but file-locking Trojans wash up on the metaphorical shores of all countries. Cultivating one's backups and downloading habits will fend off the worst of the Internet's 'bad weather,' like the Brusaf Ransomware.
