
Meka Ransomware

Posted: November 4, 2019

The Meka Ransomware is a file-locker Trojan that can keep your media files from opening by encrypting them. Users should look for the typical symptoms of infection, including 'meka' extensions, Notepad ransom notes, and missing Restore Points. Most anti-malware products should delete the Meka Ransomware before it attacks your PC, and a sufficiently-secured backup can provide ideal data restoration.

No Rest from Ransoms over the Weekend

Several PC users are providing reports and samples of infections that bear the unmistakable signs of the STOP Ransomware's attacks. While malware researchers haven't verified which version the Meka Ransomware is, it does feature a slight change in its ransom note that could throw off any victims. However, its dominant attacks are in keeping with the traditions of its Ransomware-as-a-Service family.

The Meka Ransomware uses a modern variant of the STOP Ransomware dual-algorithm encryption routine, which leverages AES and RSA for locking files. Although nearly any data could be affected, this family uses filters for targeting media, such as Word or PDF documents, as well as pictures, spreadsheets, databases, and other general-purpose content. Every locked file bears an extension that's unique to the specific Trojan; the Meka Ransomware adds 'meka' to the names.

Besides this readily-obvious function, the Meka Ransomware also can conduct less-visible ones, including deleting local backups, installing Mimikatz (a password thief), or blocking websites from loading in your browser. The latter uses a Hosts file-based edit that is, fortunately, not difficult for users to correct.

Besides all of these issues, the Meka Ransomware also drops a ransom note. Although it uses one of the templates that STOP Ransomware is known for, malware experts point out the swap of e-mail addresses. This change could be due to old accounts being shut down or a structural change in the RaaS business.

Putting the Real Stop on a STOP Ransomware Family Offshoot

The Meka Ransomware offers no more or less than the dangers that readers already should associate with many campaigns just like it. Although old versions of the STOP Ransomware, such as the Djvu Ransomware, included theoretical vulnerabilities or historical database leaks that made unlocking possible, modern iterations lack these problems. Just like the Nakw Ransomware, the Coot Ransomware, or the Leto Ransomware, the Meka Ransomware isn't decryptable for free.

Although no confirmations of its infection techniques are available, malware experts find most versions of the STOP Ransomware using semi-predictable installer exploits. Users can protect their PCs from most of these scenarios by installing all security patches, using appropriate passwords, and avoiding inappropriate downloads like fake e-mail attachments and illicit torrents. Disabling browser scripts can provide another layer of protection and counteract Exploit Kits, to some degree.

The Meka Ransomware is from a family that's known for its Southeast Asian and Windows-based attacks, but a new version can add unexpected tweaks to the mix. No one should bet their files on happenstance when something as sensible as a backup is all that it takes to render the Meka Ransomware impotent.
