
Chekyshka Ransomware

Posted: July 2, 2019

The Chekyshka Ransomware is a file-locking Trojan that can block your media content with encryption-based attacks. It's not a part of a well-known family like Hidden Tear, and its decryption potential remains unknown. Using appropriate security standards for your backups can keep them safe from this threat's payload, and conventional anti-malware services should handle uninstalling the Chekyshka Ransomware appropriately.

A Trojan Hoping to Get Drunk Off Your Data

A file-locking Trojan with a Russia-inspired brand and an English ransom note is in the wild and attacking users' NAS (network-attached storage) devices. Its campaign could be targeting individuals instead of business or government servers, since it lacks any built-in capacity for spreading throughout a local network. The goal of this Trojan, the Chekyshka Ransomware, is the same as that of many other Trojans: stopping files from opening long enough to get a ransom out of the owner.

The Chekyshka Ransomware's name is an apparent reference to a casual Russian term for a quarter-liter bottle of vodka, which narrows either its operational region or its threat actor's nationality to the same area as the Scarab Ransomware. However, unlike that family, it limits its attacks to NAS devices, such as Synology's RAID storage products. Malware experts also find that its filter list for choosing what content it blocks is somewhat specialized: it omits AutoCAD images but harms media like Word documents, Excel spreadsheets and pictures.

The Chekyshka Ransomware's attack is a less-common implementation than most file-locker Trojans' equivalents. However, it does bear some resemblance to old threats like the Mailrepa.lotos@aol.com Ransomware, the SystemCrypter Ransomware, the MegaLocker Ransomware, the Cr1ptT0r Ransomware and the StorageCrypter Ransomware. By contrast, other Trojans with encrypting payloads target default and LAN-based drives, as well as portable devices.

Putting the Chekyshka Ransomware on a Dry Spell

Some families of file-locker Trojans, such as the STOP Ransomware, emphasize using torrents and illicitly-downloaded content for infecting computers. Others focus on compromising servers with detectable weaknesses such as open ports and poorly-selected passwords. Although malware experts have yet to isolate which factors are in play with the Chekyshka Ransomware's first victims, they can offer some recommendations for securing NAS media, as follows:

  • Use a unique and non-default login combination for your NAS account.
  • Limit port access to only what's necessary.
  • Consider setting up a VPN or virtual private network if your NAS supports it.
  • Always keep SSL on for encrypting private transmissions.

Storing spare backups on other drives and devices, including removable ones and cloud storage, offers additional safety against data-targeting attacks. Shadow Volume Copy-based recovery utilities may be relevant to your situation as well, although most file-locker Trojans will erase that data.

Malware researchers rate the Chekyshka Ransomware as having no exceptional protection against commonplace anti-malware products. Use such software for removing the Chekyshka Ransomware as appropriate or, better yet, halting infections at their first steps.

The Chekyshka Ransomware is more a branch of a black hat business than the output of a boozehound, but even if its programmer were a drunkard, encryption isn't a challenging coding task. As criminals cover all their bases when they're on the attack, their victims should focus on self-defense that much more comprehensively.
