'korvin0amber@cock.li' Ransomware

Posted: February 11, 2019

The 'korvin0amber@cock.li' Ransomware is a file-locking Trojan from the Dharma Ransomware update of the Crysis Ransomware family. This Ransomware-as-a-Service collective issues numerous variants to third-party criminals, who choose targets for their media-encrypting attacks arbitrarily. If possible, ignore any ransom demands from the threat, delete the 'korvin0amber@cock.li' Ransomware with your preferred anti-malware software, and recover through any unharmed backups.

More File-Based Crises Thanks to the Crysis Ransomware

As Ransomware-as-a-Service maintains its business model into February without any signs of a slowdown, malware analysts are adding two threats to the list of one of its most prominent families: the Crysis Ransomware. This group of file-locker Trojans profits by collecting ransoms after securely encrypting the files of its victims, whom threat actors may select and compromise in various ways. The 'korvin0amber@cock.li' Ransomware is identifiable in the wild around the same time as the 'ungodianact1986@aol.com' Ransomware, but the family stretches back as far as the Dharma Ransomware update of 2016.

Early releases of these Trojans suffered database breaches that helped with decryption efforts for unlocking files. However, new variants like the Cmb Dharma Ransomware update use different keys that make restoring the data all but impossible for third parties. Like its fellow Dharma Ransomware variants, the 'korvin0amber@cock.li' Ransomware uses a well-chosen selection of AES and RSA algorithms to keep the user's media, including text documents, pictures, and most Microsoft Office work, from opening.

The 'korvin0amber@cock.li' Ransomware adds '.amber' extensions onto these files without removing their original extensions (such as 'a-word-document.doc' becoming 'a-word-document.doc.amber'), which is one of the few symptoms setting it apart from similar threats. The name of the 'korvin0amber@cock.li' Ransomware is a reference to its other update, which changes the e-mail address on the otherwise-standard ransom note's template. Malware experts recommend against paying that decryption fee as long as any other decryption or data recovery possibilities are left untested, since the criminals can take the money, particularly when it is paid in cryptocurrencies like Bitcoin, and not give anything back to the victim.
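An added example, not part of the original article: a Python triage script that inventories files carrying the '.amber' extension described above, counts which original file types were hit, and bounds the window of write times so that a backup predating it can be chosen. The function names and the sample tree are constructed for illustration, and treating a file's modification time as its time of encryption is an assumption.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

MARKER = ".amber"  # extension this variant appends, per the article


def find_locked_files(root):
    """Return (path, original_name, mtime) for each file ending in MARKER."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if len(name) > len(MARKER) and name.lower().endswith(MARKER):
                path = Path(dirpath) / name
                try:
                    mtime = path.stat().st_mtime
                except OSError:
                    continue  # file vanished or is unreadable mid-scan
                hits.append((path, name[: -len(MARKER)], mtime))
    return hits


def summarize(hits):
    """Count hits per original file type and bound the window of write times."""
    if not hits:
        return {"count": 0, "types": {}, "first": None, "last": None}
    types = Counter(Path(orig).suffix.lower() or "(none)" for _, orig, _ in hits)
    times = [datetime.fromtimestamp(m, tz=timezone.utc) for _, _, m in hits]
    # Assumption: mtime approximates when the file was encrypted.
    return {"count": len(hits), "types": dict(types),
            "first": min(times), "last": max(times)}


def demo():
    """Scan a constructed sample tree (not real victim data)."""
    names = ["a-word-document.doc.amber", "budget.xlsx.amber", "photo.jpg.amber",
             "notes.txt", "docs/report.doc.amber", "docs/amber-samples.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for name in names:
            (root / name).write_bytes(b"constructed sample")
        return summarize(find_locked_files(root))


if __name__ == "__main__":
    print(demo())
```

Run it against a mounted copy of the affected drive rather than the live system, and compare the reported file types against what the available backups contain.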

Saving Your Work from Being Trapped in Amber

File-locking Trojans using the RaaS model of business can attack their victims unpredictably, since different threat actors can 'hire' a customized version of the Crysis Ransomware, the Globe Ransomware or the Scarab Ransomware for a fee. While not every infection method is predictable as a result, malware researchers find most RaaS Trojans abusing brute-force attacks for compromising network logins and spam e-mails for targeting particular users. Scanning downloads before opening them and paying attention to your password strategies are, therefore, equally appropriate means of protection from the 'korvin0amber@cock.li' Ransomware.

Because of the current security of the 'korvin0amber@cock.li' Ransomware's encryption routine, users shouldn't assume that free decryption will ever be available. While this family may compromise other drives over network connections, backups that the user stores on detachable or otherwise-secured devices should remain safe. Most anti-malware programs can delete the 'korvin0amber@cock.li' Ransomware and other family members by default, even if they can't unlock the media.

The 'korvin0amber@cock.li' Ransomware and the 'undogdianact1986@aol.com' Ransomware enter the New Year as points of reference for the business viability of RaaS. Until users do all that they can to protect their work, there will always be threat actors taking advantage of that weakness for money.