
guardbtc@cock.li Ransomware

Posted: February 27, 2018

The guardbtc@cock.li Ransomware is a variant of the Dharma Ransomware branch of the Crysis Ransomware, a series of Ransomware-as-a-Service Trojans. All of these threats block your files by encrypting them, and the guardbtc@cock.li Ransomware additionally delivers ransom notes asking for Bitcoins in exchange for the unlocking application. Always have a dedicated anti-malware program uninstall the guardbtc@cock.li Ransomware from an infected PC, and schedule backups to keep any file loss to a minimum.

A Trojan Guard Going on the Offense

The Dharma Ransomware of 2016 is proving that it has a long legacy by the standards of the average RaaS project. As a Ransomware-as-a-Service platform, the code of the Dharma Ransomware and its predecessor, the Crysis Ransomware, is available 'for hire' to other people who pay either an upfront fee or a percentage of their profits. The guardbtc@cock.li Ransomware is the next variant of this threat that malware experts are confirming, both for its file-locking capabilities and its activity in the wild.

Attacks from this threat may use infection methods such as spam e-mails, compromised ad-serving networks carrying drive-by-download exploits, or brute-force attacks against the PCs of any valuable targets, such as a corporate server system. While the guardbtc@cock.li Ransomware still uses the AES-derived method of locking the files of an infected Windows system, it also includes upgrades to its cryptography routine. These changes make the guardbtc@cock.li Ransomware's encryption more secure than that of previous versions of the Dharma Ransomware, and malware experts warn that anything that the Trojan encrypts may not be recoverable for free.

The guardbtc@cock.li Ransomware follows up its attack by generating a Notepad file that instructs the victim to pay a Bitcoin cryptocurrency fee for the threat actor's file-unlocking application. Since cryptocurrencies like Bitcoin require both parties to consent to any refund, the victim takes the inherent risk of paying and not receiving anything for it.

Guarding Your Hard Drive's Contents against Bitcoin Purloining

Since paying a ransom for decryption software usually carries notable risks of fraud, users should always explore other file-restoring solutions, as appropriate. Malware experts recommend keeping external, separate backups for dealing with the guardbtc@cock.li Ransomware and other members of its family, particularly since any local backups and Shadow Copies are likely candidates for deletion by the Trojan. Avoiding network shares that lack the protection of secure passwords can also keep the guardbtc@cock.li Ransomware from moving laterally and damaging other PCs.
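
One way to watch for the deletion of Shadow Copies and local backups mentioned above, as an added example that is not part of the original article: it scans process-creation log lines for built-in Windows utilities being used to delete Shadow Copies or the backup catalog. The log layout, sample lines and function names are constructed for illustration, and the command patterns are an assumption about commonly abused utilities, not details the article gives about this Trojan.

```python
import re
from collections import Counter

# Assumption (not from the article): built-in Windows utilities whose command
# lines can delete Shadow Copies or the local backup catalog.
RULES = {
    "vssadmin_delete_shadows": re.compile(
        r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I),
    "wmic_shadowcopy_delete": re.compile(
        r'\bwmic(?:\.exe)?"?\s.*\bshadowcopy\b.*\bdelete\b', re.I),
    "wbadmin_delete_catalog": re.compile(
        r'\bwbadmin(?:\.exe)?"?\s+delete\s+catalog\b', re.I),
}

# Hypothetical log layout: timestamp, key=value fields, command line last.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"parent=(?P<parent>\S+) cmdline=(?P<cmd>.+)$")

# Constructed sample input, not captured from a real incident.
SAMPLE_LOG = r"""
2018-02-27T10:01:12Z host=WS-014 user=alice parent=explorer.exe cmdline="C:\Windows\System32\notepad.exe" report.txt
2018-02-27T10:03:40Z host=WS-014 user=alice parent=cmd.exe cmdline="C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet
2018-02-27T10:03:41Z host=WS-014 user=alice parent=cmd.exe cmdline=wmic shadowcopy delete
2018-02-27T10:05:02Z host=SRV-02 user=backupsvc parent=services.exe cmdline=vssadmin list shadows
2018-02-27T10:06:30Z host=SRV-02 user=admin parent=powershell.exe cmdline=wbadmin delete catalog -quiet
this line is malformed and is skipped
"""

def find_backup_tampering(log_text):
    """Return one alert per log line whose command line matches a rule."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        for rule, pattern in RULES.items():
            if pattern.search(m["cmd"]):
                alerts.append({"ts": m["ts"], "host": m["host"],
                               "user": m["user"], "rule": rule})
                break  # one alert per line is enough
    return alerts

def alerts_per_host(alerts):
    """Count alerts per host so repeated tampering on one machine stands out."""
    return dict(Counter(a["host"] for a in alerts))

if __name__ == "__main__":
    for alert in find_backup_tampering(SAMPLE_LOG):
        print(alert)
```

The read-only `vssadmin list shadows` line is deliberately not flagged, since only the delete operations remove a recovery path.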

Some of the defenses most relevant to the guardbtc@cock.li Ransomware's future infection strategies include:

  • Disabling document macros can prevent you from unintentionally loading a Trojan dropper or downloader that a threat actor embeds into corrupted text files.
  • Turning off scripts and advanced content like Flash can stop your Web browser from loading similar threats, including exploit kits (EKs) like the Nebula Exploit Kit.
  • Since e-mail attachments are a top choice for cybercrooks distributing file-locker Trojans, users should always scan suspicious files of this origin with a qualified anti-virus or anti-malware product.

Always let an appropriate anti-malware program delete the guardbtc@cock.li Ransomware, which uses misleading names and locations for its components to keep you from identifying its software.

The guardbtc@cock.li Ransomware is proving that the Dharma Ransomware's RaaS business plan is as profitable as ever, much like the Arena Ransomware, the Wallet Ransomware, or the webmafia@asia.com Ransomware. One can expect that backups will, similarly, retain their importance to anyone who likes keeping their files out of a hostage scenario.
