
Meds Ransomware

Posted: September 20, 2019

The Meds Ransomware is a file-locking Trojan and a part of the STOP Ransomware Ransomware-as-a-Service. This family can encrypt your digital media and keep it from opening while demanding ransoms through accompanying messages. Let your anti-malware products eliminate the Meds Ransomware whenever they detect it and use appropriate backup practices for keeping unwanted encryption from becoming a long-term problem.

An Unlucky PC User is Taking the Wrong Medicine

Taking one's meds regularly is always commendable, but the same can't be said of Trojans using the term out of apparent mockery. As a variant of the STOP Ransomware, the Meds Ransomware offers harm, rather than healing, to the files that it finds on users' computers. As usual, free unlocking tools are no longer compatible with this modern variant's payload, which can cost the victims all of their documents, pictures, movies, music and databases.

The Meds Ransomware is a more recent release than, for example, the Berost Ransomware, the Raldug Ransomware, the Todarius Ransomware, or the Verasto Ransomware, although malware experts can't confirm its specific version number. It blocks digital media on the computer with an AES algorithm and adds extra security through an RSA key. If possible, malware experts recommend disconnecting from the Internet as soon as possible after infection, which can keep the Meds Ransomware from downloading its most secure decryption credentials and force it into using a possibly breakable alternative.

Other anticipated symptoms and problems related to Meds Ransomware infections include:

  • The Meds Ransomware renames locked files to set them apart from unencrypted ones, adding the same 'meds' string from its name as an extension.
  • The Meds Ransomware will attempt to delete the Windows Restore Points through a CMD command.
  • The Meds Ransomware can install other threats. This family is a known propagator of AZORult, a spyware program that collects passwords and other credentials.
  • The Trojan also creates a plain Notepad file that delivers a variant of its ransom note to the victim. Users are given deadlines before the ransom cost of the unlocker rises and a link to a possible demonstration.
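An added example, not part of the original article or any vendor tool: a read-only triage script that inventories files carrying the 'meds' extension described above and reports the earliest modification time among them, which helps pick a backup that predates the encryption. It assumes the extension is appended to the original name (for example `report.docx.meds`) and that a file's modification time approximates when it was locked; the function names, sample tree and timestamps are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

LOCKED_SUFFIX = ".meds"  # extension string named in the article

def inventory_locked_files(root):
    """Read-only walk of root summarising files that end in '.meds'."""
    per_dir = Counter()         # directory -> locked-file count
    original_types = Counter()  # extension before '.meds' -> count
    earliest = None             # oldest mtime seen among locked files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            try:
                mtime = (Path(dirpath) / name).stat().st_mtime
            except OSError:
                continue  # unreadable or removed mid-scan: skip it
            per_dir[dirpath] += 1
            # Assumption: suffix is appended, 'report.docx.meds' -> '.docx'
            stem = name[:-len(LOCKED_SUFFIX)]
            original_types[Path(stem).suffix.lower()] += 1
            earliest = mtime if earliest is None else min(earliest, mtime)
    first = None if earliest is None else datetime.fromtimestamp(earliest, timezone.utc)
    return {"total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "original_types": dict(original_types), "earliest_utc": first}

def build_constructed_sample(root):
    """Constructed test tree: three locked files and one untouched file."""
    samples = {  # relative path -> constructed mtime (epoch seconds, UTC)
        "docs/report.docx.meds": 1_568_970_000,
        "docs/budget.xlsx.meds": 1_568_970_060,
        "pics/holiday.JPG.meds": 1_568_970_120,
        "pics/untouched.png": 1_500_000_000,
    }
    for rel, mtime in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(inventory_locked_files(tmp))
```

Run it against a mounted copy or image of the affected disk rather than the live system, so the scan itself does not alter timestamps or other evidence.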

Coughing Up Black Market Meds Ransomware

Asian nations such as the Philippines are at the greatest risk of a new STOP Ransomware campaign. Despite this geo-targeting preference, malware researchers find variants of these threats throughout the world, including in the Middle East, Africa and Europe. Users may wish to be especially cautious around downloads from possibly unsafe sources, such as torrents, which may be distributing the Meds Ransomware or threats just like it.

Poor network admin practices can also be accidental assistants for Trojan attacks. Failing to update server software leaves open publicly known vulnerabilities that could facilitate code execution or credential theft. Using default or low-complexity login combinations can also help criminals gain access to a target.

Nearly all anti-malware brands are capable of identifying the well-known STOP Ransomware family and its variants. Suitable security software should remove the Meds Ransomware automatically without needing any additional help from the user.

The Meds Ransomware asks for nearly a thousand dollars for an unlocking service that its threat actor may not give to the one who's paying for it. Instead of forcing yourself into gambling, keep one or more backups in places that a Trojan isn't likely to be able to compromise.
