Embrace Ransomware

Posted: May 25, 2018

The Embrace Ransomware is an update of the Everbe@airmail.cc Ransomware, a file-locking threat that shows symptoms similar to those of the Blind Ransomware family. It may block various formats of files without your consent by encrypting their data, insert e-mail addresses and new extensions into their names, and create messages demanding ransoms. A regular backup schedule can keep your data loss from being severe, and most anti-malware programs should safely remove the Embrace Ransomware from your PC.

Trojans Embracing Your Files Automatically

Since its appearance a week ago, yet another version of the Everbe@airmail.cc Ransomware is under inspection by malware experts and others in the cyber-security industry. This minor variant may be the project of another threat actor or a byproduct of the authors changing their e-mail accounts. The Embrace Ransomware possesses the same scope of features as its recent ancestor, which makes it a direct danger to any stored media on a PC.

The Embrace Ransomware attacks data such as Word documents, PDFs, Excel spreadsheets, JPG images, and other formats of content by encrypting them with a feature that may use either an AES or DES-based algorithm. After blocking a file, the Embrace Ransomware also inserts the '.embrace' extension and the bracketed e-mail address of the threat actors into its name, which provides a channel of communication for any ransom negotiations. These symptoms give the threat a resemblance to the old but unrelated Blind Ransomware and Rapid Ransomware groups.
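For triage after an incident, the two file-name indicators described above can be searched for directly. The following is an added example, not code from the original page: it assumes the bracketed address may sit anywhere in the name, and the sample file names and the address someone@example.com are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the description above: the '.embrace' extension and a
# bracketed e-mail address inserted into the file name. The exact position of
# the bracketed address is an assumption, so it is searched for anywhere.
EXTENSION = ".embrace"
BRACKETED_ADDRESS = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+)\]")


def classify(filename):
    """Return (confidence, address) for one file name, or None if it is clean."""
    if not filename.lower().endswith(EXTENSION):
        return None
    match = BRACKETED_ADDRESS.search(filename)
    if match:
        return ("high", match.group(1).lower())
    # The extension alone can be a coincidence, so report it at lower confidence.
    return ("low", None)


def scan(root):
    """Walk root and summarise renamed files per directory and per address."""
    hits, per_dir, addresses = [], Counter(), Counter()
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            verdict = classify(name)
            if verdict is None:
                continue
            confidence, address = verdict
            hits.append((os.path.join(dirpath, name), confidence))
            per_dir[dirpath] += 1
            if address:
                addresses[address] += 1
    return {"hits": hits, "per_dir": per_dir, "addresses": addresses}


def demo():
    """Run the scan over a constructed directory tree (sample names only)."""
    with tempfile.TemporaryDirectory() as root:
        names = ["budget.xlsx.[someone@example.com].embrace",
                 "photo.jpg.[someone@example.com].EMBRACE",
                 "notes.embrace", "untouched.pdf"]
        for name in names:
            open(os.path.join(root, name), "w").close()
        result = scan(root)
        return len(result["hits"]), dict(result["addresses"])
```

The per-directory counts in the result show which folders or shares were reached, which helps decide what to restore from backup first.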

The Embrace Ransomware also creates a Notepad 'TXT' file with other information related to the ransoming of the victim's files. While the threat actors claim that the price for the unlocking service increases weekly, malware experts are not yet able to confirm the cost. Most criminals employing threats with data-encryption features prefer a cryptocurrency, such as Bitcoin, or a voucher, either of which lets them circumvent the refund protections of traditional banking institutions.

Shrugging Off a Trojan's Hug

The Embrace Ransomware has limited changes from the earlier Everbe@airmail.cc Ransomware but can harm your files with encryption that may be unbreakable. Although malware experts note that this small family does use some code-obfuscating techniques for stealth, a majority of anti-malware applications are identifying both the Everbe@airmail.cc Ransomware and the Embrace Ransomware correctly. Some of its likely infiltration methods include:

  • Brute-force attacks can give a criminal manual control over a server after guessing an unsafe password (such as 'admin123' or 'password1').
  • E-mail attachments may include the Embrace Ransomware, either as a mislabeled file or as the payload of an exploit embedded inside a document. PDF and DOC formats are notably at risk of hosting these vulnerabilities.
  • A website that a threat actor has compromised by various methods may host an exploit kit, which scans the Web surfer's PC for accessible software vulnerabilities that are relevant to launching a drive-by-download attack.

Disabling scripts, using strong passwords, updating your software, scanning your downloads with anti-malware tools, and keeping backups are all valid strategies for eliminating the Embrace Ransomware preemptively or minimizing its possible damage. No free, public decryption tool for either the Embrace Ransomware or its earlier relative is available, as of late May.

Seeing another version of the same program so soon is a periodic fact of life in the file-locker Trojans' industry. The rapid development and industriousness of the Embrace Ransomware's new campaign is also a call for all PC users to be just as dutiful about keeping their files and computers safe.