
'Love Dollar Sign' Ransomware

Posted: April 20, 2020

The Love$ Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service operation. Some Trojan droppers are installing this threat after infecting Windows systems by unknown means, after which the Love$ Ransomware blocks the majority of digital media on all drives. Users can save their files by keeping protected backups for restoring and by using anti-malware products to delete the Love$ Ransomware immediately.

Trojans Expressing Their Love for Money

The RaaS, or Ransomware-as-a-Service, business sector is illicit but no less a money-making enterprise for being so. Long-running families like the Dharma Ransomware are ample evidence of the model's success, at least at attracting criminals who hire it, if not necessarily at collecting their ransoms. Members of the family go back to 2016. However, relatively newer editions like the Asus Ransomware, the Devil Ransomware, the Wiki Ransomware, the YKUP Ransomware, and the Love$ Ransomware are currently in the wild.

As for the last of those members, malware researchers are tracking versions of the Love$ Ransomware that are installed with the aid of a second program, a Trojan dropper. The dropper carries the Love$ Ransomware embedded internally, without requiring a download from another server, and disguises itself as a Windows printer spool service. The installation routine uses the same chameleon strategy to fake other Windows components, which it drops into user 'AppData' folders.

After getting inside, the Love$ Ransomware commences with the attack strategy that's typical of its family. It encrypts digital media on all available drives with a time-efficient version of RSA-protected AES, renames the files with extra extensions, e-mail addresses, and IDs, and deletes the Shadow Volume Copy backups. Users will find ransom instructions in HTA and TXT files that offer to sell the unlocker or decryptor. However, paying should be considered the least reliable recovery choice in all reasonable circumstances.
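The two behaviors described above, Windows component names running out of 'AppData' and Shadow Volume Copy deletion, can be checked for in process-creation logs. The following is an added example, not code from the original page: the event fields, the list of system binary names, and the `vssadmin` command-line pattern are assumptions, since the page names neither the dropper's files nor the deletion command.

```python
import ntpath
import re

# Genuine Windows binaries that normally run from System32. The dropper's real
# file names are not given on the page, so this set is an assumption.
SYSTEM_BINARIES = {"spoolsv.exe", "svchost.exe", "services.exe", "lsass.exe"}

APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# Assumed deletion method: vssadmin, a common way to remove shadow copies.
SHADOW_DELETE_RE = re.compile(
    r'\bvssadmin(\.exe)?"?\s+delete\s+shadows\b', re.IGNORECASE
)


def classify(event):
    """Return the finding labels for one process-creation event."""
    findings = []
    image = event.get("image", "")
    name = ntpath.basename(image).lower()
    # A system binary name is only suspicious when it runs from a user profile.
    if name in SYSTEM_BINARIES and APPDATA_RE.search(image):
        findings.append("system-binary-name-in-appdata")
    if SHADOW_DELETE_RE.search(event.get("command_line", "")):
        findings.append("shadow-copy-deletion")
    return findings


def triage(events):
    """Map the index of each suspicious event to its findings."""
    hits = {}
    for index, event in enumerate(events):
        findings = classify(event)
        if findings:
            hits[index] = findings
    return hits


# Constructed sample events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\spoolsv.exe", "command_line": "spoolsv.exe"},
    {"image": r"C:\Users\alice\AppData\Roaming\spoolsv.exe", "command_line": "spoolsv.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "command_line": "vssadmin delete shadows /all /quiet"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "command_line": "vssadmin list shadows"},
    {"image": r"C:\Users\bob\AppData\Local\editor\editor.exe", "command_line": "editor.exe notes.txt"},
]

if __name__ == "__main__":
    for index, findings in triage(SAMPLE_EVENTS).items():
        print(index, SAMPLE_EVENTS[index]["image"], findings)
```

Legitimate backup tools also manage shadow copies, so a shadow-copy finding is most useful when it appears on the same host as a masquerading binary.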

Refusing Love from the Worst Program Kinds

While a printer-related file is a reasonable hiding place for threatening software in almost any environment, the theme of the Love$ Ransomware's Trojan dropper lends itself very well to workplace settings, such as corporate or government networks. In general, malware experts track such attacks back to corrupted e-mail attachments that run macros or exploit other vulnerabilities. Brute-forcing server passwords is also a still-reliable means of entry for threat actors, without any need for programming expertise or Web infrastructure.

Server administrators can refrain from using weak passwords and usernames that would invite attacks from these kinds of Black Hat tools. All users also should install security-relevant patches for software such as word processors as soon as possible and make a point of not enabling macros unnecessarily. The average user in a home environment also should watch for infection attempts through torrents and malvertising-based sources.

The Dharma Ransomware's family includes few forms of self-defense against most security tools and depends on finishing its attacks before being caught.

The Love$ Ransomware shows that an old way of extortion, by the standards of Trojans, remains up to par for at least some enthusiastic criminals. There is nothing loving about the Love$ Ransomware's payload, but, fortunately, refusal is painless for anyone with backups.
