
CILLA Ransomware

Posted: December 5, 2019

The CILLA Ransomware is a file-locking Trojan from the 2.0 version of the Globe Imposter Ransomware family. Some of its symptoms also imitate the Maoloa Ransomware, and it may, as usual, block your files with encryption as a preliminary to its extortion attempts. Credible anti-malware applications should delete the CILLA Ransomware readily, while backup and network security can limit any loss of information or prevent attacks.

A Food Bank Attack Spoiling Files Instead of Ingredients

The Globe Imposter Ransomware lacks the ill-earned fame of larger families like the sprawling Dharma Ransomware, but infections, in either case, are just as much of a financial problem. The members of this RaaS's collection of Trojans that malware experts confirm in 2019 run from the early ANAMI Ransomware and the 'callmegoat@protonmail.com' Ransomware through to the Badday Ransomware, the Erenahen Ransomware, and the CILLA Ransomware. The last of these examples is a cautionary tale, even for the smallest of businesses.

The CILLA Ransomware is a Windows threat, like its many-named cousins, and consists of a highly portable executable of less than one megabyte. It targets and barricades media files through an AES-derived encryption routine while also appending its 'CILLA' extension to their names (such as 'example.jpg.CILLA'). Although its earliest attacks began in mid-2019, samples of the Trojan continue circulating in databases as of October.

The CILLA Ransomware campaign has at least one definitive victim: the Auburn Food Bank in Washington. The organization received the Trojan through unknown infection vectors (malware experts estimate brute-forcing or e-mail phishing strategies were used) before losing most of its network to the Trojan's encryption. Rather than paying the ransom, which, in the CILLA Ransomware's family, is often a thousand dollars in value, the victims opted for fundraising to restore spreadsheets and documents.

The Storage that Prevents Your Media from Going Stale

Traditionally, paying the ransom, which the CILLA Ransomware asks for in an HTML page that's reminiscent of the Maoloa Ransomware, offers, at best, an even chance of getting one's files back or getting ripped off. The Globe Imposter Ransomware family and most of the other gangs competing with it insist on cryptocurrencies like Bitcoin, which always give criminals an easy way of taking the profits and running. Free decryption tools are sometimes, but far from universally, practical solutions.

MFA, passwords that resist brute-forcing, and other well-established security measures can keep networks safe from opportunistic probing by hackers. As a general rule, malware experts also recommend being careful with any e-mail-based file or link interactions, as well as around torrents, both of which can serve as distribution channels for file-locking Trojans. Although the CILLA Ransomware is a Windows Trojan, equivalents are operational on other platforms. The Auburn Food Bank will never know just how much they might have been expected to pay. Some inquiries are better left unanswered, though, particularly when extortionist software is involved.
