Defender Ransomware
The Defender Ransomware is a file-locking Trojan that uses encryption to keep you from opening content such as documents or images. Since the Defender Ransomware doesn't store the key to its encryption routine, there's no way to retrieve your files directly. Malware experts encourage having backups for recovery purposes and using anti-malware products for uninstalling the Defender Ransomware or keeping it from harming your media.
When Defense Becomes Offensive to Your Files
Not all Trojans come with solutions to their attacks, whether the damage that they cause is trivial or substantial. Some file-locking Trojan infections can cause permanent harm that the user never can undo, either due to errors in the encryption routine, or deliberate malice from the threat actor's part. The Defender Ransomware is one of the most open cases that malware experts can catch of the latter at work.
The Defender Ransomware is circulating its executable with the fake name of Microsoft Malware Protection Command Line Utility, which, when it's legitimate, is a component of the Windows Defender. The Trojan is, as its disguise implies, a Windows-based program, and when running in that environment, encrypts the victim's digital media (documents, pictures, audio, etc.) with an AES algorithm that uses CBC mode. It also adds '.defender' extensions to their names.
One critical difference malware experts stress between the Defender Ransomware, and the average, file-locking Trojan is that the Defender Ransomware doesn't bother saving its encryption key, which is mandatory for decrypting and restoring your files. Without that key, any content that the Defender Ransomware harms is made unusable permanently. The Trojan informs the victim of this fact, along with delivering an ASCII graphic of a brick wall, in an accompanying text note.
Stopping Trojans from Erecting Walls Between You and Yours
The Defender Ransomware downloads many of its components from the Zippyshare free file-hosting service, but network-monitoring utilities can't deliver any decryption solution since the Trojan never uploads its key. Some of these files use the names of prominent gaming cheat utilities, which implies that the Defender Ransomware may install itself through file-sharing networks and illicit downloading websites, along with fake Windows updates. Having browser-based security features and disabling potentially unsafe content, such as Flash, can decrease your PC's risk of attack from these vectors.
Threats like the Defender Ransomware, without any decryption access, at all, are rare among file-locking Trojan campaigns relatively. However, most Trojans with similar attack routines do force their victims into paying for the solution without making any guarantees. Storing your backups in places that malware experts would rate as secure, such as detachable devices, can protect your files from these attacks. Various brands of anti-malware software also may eliminate the Defender Ransomware immediately despite the misleading name of its executable.
While most of the threatening software industry runs on money, the con artists sometimes commit their misdeeds for mischievous purposes purely, as well. The Defender Ransomware is a lesson in how a security mistake isn't always reversible, especially if you're getting your downloads from non-reputable sources.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.