
Picocode Ransomware

Posted: January 17, 2020

The Picocode Ransomware is part of the Thanatos Ransomware family, which also includes this Trojan's recent ancestor, the Pico Ransomware. The Picocode Ransomware can lock your files by encrypting them, with particular emphasis on personal media like documents. Users should maintain backups for recovery and depend on their anti-malware solutions for catching and removing the Picocode Ransomware from their computers.

Death to Your Files Comes to 2020

The Thanatos Ransomware, one of the best arguments for refusing any ransom demand from criminals, is reappearing in 2020 after a hiatus that followed its first attacks and the Pico Ransomware update back in 2018. Although the advancements in the Picocode Ransomware are modest, it is another reminder of the danger that data encryption poses to users who aren't backing their work up regularly. But, unlike most file-locking Trojans, the 'unlocking' side of the Picocode Ransomware's business is fiction.

The Picocode Ransomware's ancestor, whose name comes from the Greek term for 'death,' stands out from similar Trojans because it uses AES encryption without preserving the key required to reverse it. Such attacks lock your files and prevent them from opening while the threat actor demands ransom money, such as Bitcoins. However, most campaigns provide, at least, a realistic possibility of recovering content, whereas the Thanatos Ransomware, the Pico Ransomware, and the new Picocode Ransomware merely fake it.

Users may also notice other attributes that persist in the Picocode Ransomware's samples, which set it slightly apart from similar attacks:

  • Although it may sabotage data in other locations, the Picocode Ransomware shows a preference for directories related to media, such as a Windows user's Documents, Videos, Music and Pictures.
  • The Picocode Ransomware appends extensions onto filenames that include its name and an '8523' serial, which references the criminal's Discord account-based contact address.
  • Unlike more professional competitors like the Scarab Ransomware RaaS, the Picocode Ransomware creates identical ransom notes in every directory with blocked files.
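The three traits above (media-directory preference, an appended extension carrying the Trojan's name and the '8523' serial, and an identical ransom note dropped in every affected directory) are all visible on disk, so a responder can triage a machine for them without executing anything. The following is an added example of such a triage script, written for this page; it is not the vendor's tooling or code from the Trojan. It assumes the appended extension contains both the tokens "picocode" and "8523" (the exact string is not published here), and it assumes nothing about the ransom note's filename: any small .txt file whose SHA-256 digest repeats across several directories is reported as a candidate note. The sample user profile it builds is constructed, and the extension and note name it uses are placeholders.

```python
"""Triage helper for the on-disk traces described in the Picocode write-up.

Added example (not the vendor's or the Trojan's code). Assumptions:
  * the appended extension contains both "picocode" and "8523";
  * the ransom note's filename is unknown, so identical small .txt files
    repeated across directories are treated as candidate notes.
"""
import hashlib
import os
import shutil
import tempfile
from collections import defaultdict

# Both tokens must appear in the final extension (assumed pattern).
EXT_TOKENS = ("picocode", "8523")
# Directories the write-up names as the Trojan's preferred targets.
MEDIA_DIRS = {"Documents", "Videos", "Music", "Pictures"}
# Upper size bound for a file to be considered a ransom-note candidate.
NOTE_MAX_BYTES = 4096


def looks_encrypted(name: str) -> bool:
    """True if the file's final extension carries every token, case-insensitively."""
    ext = os.path.splitext(name)[1].lower()
    return all(tok in ext for tok in EXT_TOKENS)


def scan(root: str, min_dirs: int = 3) -> dict:
    """Walk `root`, tally renamed files per directory and find repeated notes."""
    hits = defaultdict(list)   # directory -> [renamed file names]
    notes = defaultdict(set)   # sha256 of a small .txt -> {directories holding it}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            if looks_encrypted(fn):
                hits[dirpath].append(fn)
            elif fn.lower().endswith(".txt") and os.path.getsize(path) <= NOTE_MAX_BYTES:
                with open(path, "rb") as fh:
                    notes[hashlib.sha256(fh.read()).hexdigest()].add(dirpath)
    # A note planted in every affected directory shows up as one digest, many dirs.
    repeated = {h: sorted(d) for h, d in notes.items() if len(d) >= min_dirs}
    in_media = 0
    for d, names in hits.items():
        parts = os.path.relpath(d, root).split(os.sep)
        if any(p in MEDIA_DIRS for p in parts):
            in_media += len(names)
    return {
        "encrypted_total": sum(len(v) for v in hits.values()),
        "encrypted_in_media_dirs": in_media,
        "affected_dirs": sorted(hits),
        "repeated_notes": repeated,
    }


def build_fixture() -> str:
    """Create a constructed user profile that mimics the traces described above."""
    root = tempfile.mkdtemp(prefix="picocode_demo_")
    # Constructed note text; the contact handle is a placeholder, not a real one.
    note = b"Your files are encrypted. Pay 100 USD in Bitcoin. Contact: <placeholder>#8523\n"
    layout = {
        "Documents": ["report.docx.Picocode8523", "notes.txt.Picocode8523"],
        "Pictures": ["holiday.jpg.Picocode8523"],
        "Music": ["song.mp3.Picocode8523"],
        "Downloads": ["setup.exe"],  # left untouched, no note dropped here
    }
    for d, files in layout.items():
        os.makedirs(os.path.join(root, d))
        for fn in files:
            with open(os.path.join(root, d, fn), "wb") as fh:
                fh.write(b"\x00" * 16)  # placeholder ciphertext
        if d != "Downloads":
            # Placeholder note filename; the real one is not published on the page.
            with open(os.path.join(root, d, "README_DECRYPT.txt"), "wb") as fh:
                fh.write(note)
    return root


if __name__ == "__main__":
    demo_root = build_fixture()
    try:
        for key, value in scan(demo_root).items():
            print(f"{key}: {value}")
    finally:
        shutil.rmtree(demo_root)
```

Run against a real profile, `scan(r"C:\Users\<name>")` reports how many renamed files sit under the media directories the write-up names, which directories are affected, and which note digest recurs; a single digest spanning every affected directory matches the "identical ransom notes in every directory" trait, while differing digests would point at a different family.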

The Picocode Ransomware's message has few changes from old iterations of the Thanatos Ransomware, except for the new account for negotiations. The threat actor still demands 100 USD in Bitcoins – without mentioning that the Trojan doesn't preserve the necessary decryption key. Thankfully, our malware experts can verify no ransom payments, or other activity, in this campaign's Bitcoin wallet, as of mid-January.

Resurrecting Your Work from Digital Demise

The public has access to a free unlocking utility that works for some versions of the Thanatos Ransomware. Such solutions may restore content after Picocode Ransomware attacks but also carry the possibility of damaging files further. Users shouldn't treat decryption as an always-available solution in file-locking Trojan infections and, instead, should use responsible backup practices that keep spares of their work on other devices.

While the Picocode Ransomware is a typical, small 32-bit Windows program, its samples give no indication of how they circulate or install themselves. Ordinarily, threat actors use such means as spam e-mails and disguised downloads, including fake links to invoices, software cracks or recently released movies. Some organizations also are at risk from brute-force attacks or attacks of opportunity against servers running under vulnerable configurations. Updating your software, disabling possibly-harmful features like macros, and using appropriate passwords will improve your chances of staying safe from Picocode Ransomware attacks.

Dozens of anti-malware services are flagging the Picocode Ransomware as threatening, although most products use generic descriptions for it. The presence of updated anti-malware software should suffice for deleting the Picocode Ransomware on sight and preventing the potentially-irreversible encryption from happening.

While the Picocode Ransomware isn't an expected sight, it's not too strange for old Trojans to be dug up, dusted off, and put to work in new campaigns. As long as people are paying, encryption-based attacks will work – even if there's no reward for spending the Bitcoins.
