
Origami Ransomware

Posted: June 15, 2020

The Origami Ransomware is a file-locking Trojan that keeps media such as pictures or documents from opening by encrypting them. The Origami Ransomware also generates text ransom messaging in multiple folders, asking for Bitcoins for the threat actor's recovery help. Most users' best alternative is a properly-secured backup, and Windows anti-malware tools can assist with removing the Origami Ransomware safely.

Unfolding Ominous Shapes into Familiar Messages

File-locking Trojans are usually, but not always, affiliates of an overarching family such as the STOP Ransomware, the Scarab Ransomware, the Jigsaw Ransomware or Hidden Tear. The smaller competitors in this illicit industry are no less threatening to poorly-preserved data, and, in some respects, they can be even more so. The Origami Ransomware of June 2020 is a working, file-locking Trojan that earns a dishonest paycheck without much of a 'brand' behind it.

The Origami Ransomware targets the operating system that hosts by far the largest share of Trojans of this type: Windows. At under forty kilobytes, the threat is highly portable and might be installed through document-embedded macros, if not downloaded directly by attackers after they compromise a victim's server. With file access gained, the Origami Ransomware exploits it to encrypt the usual suspects: Word documents, JPG pictures, and other media, which it locks with AES and RSA encryption.

The Origami Ransomware's ransom note, a text file that it places in most folders containing encrypted media, shows a strong resemblance to that of the Shootlock Ransomware campaign. Those attacks are themselves updates of the Makop Ransomware. Since malware experts previously rated that threat's encryption as secure, victims of Origami Ransomware infections who lack backups are unlikely to ever get their files back without taking the inadvisable risk of paying a Bitcoin ransom.
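The ransom-note behaviour described above (one text file written into nearly every folder that holds encrypted media, within a short span of time) is itself a usable detection signal. The following is an added example, not code from the original page or from any vendor's product: it scans file-creation events (Sysmon Event ID 11 style, already parsed into dicts) and flags a process that creates the same file name in many directories within a short window. The event field names, the sample events, the note file name and the thresholds are all constructed assumptions for illustration.

```python
"""Flag a process that drops one file name into many directories quickly,
the pattern a file-locking Trojan's ransom note produces.

Assumed input: file-creation events parsed into dicts with 'timestamp'
(epoch seconds), 'process_image' and 'target_path' keys. All sample data
below is constructed; the note file name is a placeholder, not an IoC."""
from collections import defaultdict


def _split_path(target_path):
    """Return (directory, file name) for a Windows path (constructed helper)."""
    directory, _, name = target_path.rpartition("\\")
    return directory, name


def detect_mass_note_drop(events, min_dirs=5, window_seconds=60):
    """Group creations by (process, file name); report groups that touch at
    least `min_dirs` distinct directories inside `window_seconds`."""
    groups = defaultdict(list)
    for ev in events:
        directory, name = _split_path(ev["target_path"])
        groups[(ev["process_image"], name.lower())].append((ev["timestamp"], directory))

    findings = []
    for (process, name), hits in groups.items():
        dirs = {d for _, d in hits}
        if len(dirs) < min_dirs:
            continue  # a single-location drop is normal application behaviour
        times = sorted(t for t, _ in hits)
        # Sliding window: any span of min_dirs consecutive creations that fits
        # inside window_seconds counts as a burst.
        burst = any(times[i + min_dirs - 1] - times[i] <= window_seconds
                    for i in range(len(times) - min_dirs + 1))
        if burst:
            findings.append({"process_image": process, "file_name": name,
                             "directories": len(dirs)})
    return findings


# Constructed sample events: a randomly named dropper writing a placeholder
# note into six folders in five seconds, Word writing one lock file, and
# Explorer writing desktop.ini in six folders spread over hours.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\kq3x9z.exe"
SAMPLE_FILE_EVENTS = [
    {"timestamp": 100 + i, "process_image": DROPPER,
     "target_path": rf"C:\Users\victim\{folder}\RANSOM_NOTE_PLACEHOLDER.txt"}
    for i, folder in enumerate(["Documents", "Pictures", "Desktop",
                                "Downloads", "Music", "Videos"])
] + [
    {"timestamp": 103, "process_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "target_path": r"C:\Users\victim\Documents\~$report.docx"},
] + [
    {"timestamp": i * 1800, "process_image": r"C:\Windows\explorer.exe",
     "target_path": rf"C:\Users\victim\{folder}\desktop.ini"}
    for i, folder in enumerate(["Documents", "Pictures", "Desktop",
                                "Downloads", "Music", "Videos"])
]

if __name__ == "__main__":
    for finding in detect_mass_note_drop(SAMPLE_FILE_EVENTS):
        print(finding)
```

The window and directory thresholds are deliberately loose starting points; installers and sync clients also fan files out, so in practice the rule is best paired with the process's origin (a freshly dropped binary under a user-writable path) before it raises an alert on its own.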

Crumpling Up Trojan Artwork

The Origami Ransomware destroys the Restore Points with the help of a well-known command-line abuse that's part of the repertoire of nearly all file-locking Trojans with financial goals. Users can protect themselves by securing their backups behind password protection or on detachable devices that limit remote access. Paying the Bitcoin ransom is a risky transaction without protections, and depends on the criminal's good-faith inclinations for regaining data.
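The Restore Point destruction mentioned above is one of the most reliable places to catch a file-locking Trojan, because it runs the same built-in Windows utilities regardless of which family the sample belongs to. The following is an added example, not code from the original page or from any vendor: it runs a small set of detection rules over process-creation events (Sysmon Event ID 1 style, already parsed into dicts) and raises the severity when the parent process is a randomly named executable in a user-writable directory, matching the page's note that current samples use random file names. The page does not name the command it calls a "well-known command-line abuse"; the shadow-copy and recovery-tampering commands matched here are the ones that phrase is assumed to refer to. Field names, sample events and the name heuristic are constructed assumptions.

```python
"""Detect the shadow-copy / recovery-artifact deletion step that file-locking
Trojans commonly run around encryption.

Assumed input: process-creation events parsed into dicts with 'image',
'parent_image' and 'command_line' keys. Sample events are constructed."""
import re

# Command lines that delete or disable Windows recovery artifacts. These are
# assumed to be the "well-known command-line abuse" the page refers to.
RECOVERY_TAMPER_RULES = {
    "shadow_copy_delete_vssadmin": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "shadow_copy_delete_wmic": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
    "backup_catalog_delete_wbadmin": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    "boot_recovery_disable_bcdedit": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Weak heuristic for a freshly dropped, randomly named binary: an all-alphanumeric
# short name launched from a user-writable location. Neither half is an
# indicator on its own; both must hold.
USER_WRITABLE_DIR = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.I)
RANDOM_NAME = re.compile(r"^[a-z0-9]{5,12}\.exe$", re.I)


def parent_looks_suspicious(parent_image):
    name = parent_image.rpartition("\\")[2]
    return bool(USER_WRITABLE_DIR.search(parent_image) and RANDOM_NAME.match(name))


def detect_recovery_tampering(events):
    """Return one finding per event whose command line matches a rule."""
    findings = []
    for ev in events:
        cmd = ev.get("command_line", "")
        parent = ev.get("parent_image", "")
        for rule, pattern in RECOVERY_TAMPER_RULES.items():
            if pattern.search(cmd):
                findings.append({
                    "rule": rule,
                    "severity": "high" if parent_looks_suspicious(parent) else "medium",
                    "parent_image": parent,
                    "command_line": cmd,
                })
                break  # one rule per event is enough for triage
    return findings


# Constructed sample events: two tampering commands from a random-named
# dropper, one from an interactive cmd.exe, and two benign look-alikes.
DROPPER = r"C:\Users\victim\AppData\Local\Temp\kq3x9z.exe"
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\vssadmin.exe", "parent_image": DROPPER,
     "command_line": "vssadmin.exe delete shadows /all /quiet"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe", "parent_image": DROPPER,
     "command_line": "wmic shadowcopy delete"},
    {"image": r"C:\Windows\System32\bcdedit.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": "bcdedit /set {default} recoveryenabled no"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "vssadmin list shadows"},
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": '"WINWORD.EXE" /n "C:\\Users\\victim\\Downloads\\invoice.docm"'},
]

if __name__ == "__main__":
    for finding in detect_recovery_tampering(SAMPLE_EVENTS):
        print(finding["severity"], finding["rule"], "<-", finding["command_line"])
```

Even the medium-severity match from cmd.exe deserves a look: administrators do delete shadow copies by hand, but rarely with `/quiet`, and rarely minutes before a burst of file renames. Pairing this rule with the backup-protection advice above (backups on detachable or access-restricted storage) matters because the rule detects the attempt, while the separated backup is what makes the attempt harmless.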

Current samples of the Origami Ransomware are using random names for their executable files and processes. Users can depend on trustworthy anti-malware products for identifying this threat. They also should take precautions that malware experts recommend as standardized, including turning off macros in documents, disabling Java and Flash in browsers, and double-checking passwords and software installations for vulnerabilities.

The detection heuristics vary in labeling, with some vendors classifying the Origami Ransomware as part of the Phobos Ransomware's family, and others as an offshoot of the Makop Ransomware. In either case, and even if the attribution is wrong in both directions, these products should remove the Origami Ransomware from your computer.

Whether the Origami Ransomware is or isn't a truly-independent Trojan is beside the point for any of its victims. Their files are locked just as well either way, and a backup is, by far, the least expensive way of keeping that scenario from turning into an expense of hundreds or thousands of dollars.
