Home Malware Programs Ransomware RagnarokCry Ransomware

RagnarokCry Ransomware

Posted: January 20, 2020

The RagnarokCry Ransomware is a file-locking Trojan that can block your PC's documents and similar digital media. Its encryption could be irreversible without the threat actor's help, which is dependent on a ransom payment. Users can curate their backups responsibly for saving any files, as well as rely on updated anti-malware services for catching and removing the RagnarokCry Ransomware.

Norse Myth is Another Rallying Cry for Stoppering Your PC's Data

A file-locking Trojan that's just becoming identifiable as a distinct threat is taking inspiration from both Norse mythology and more-recent Trojan campaigns. Besides borrowing the name of the legendarily-destructive WannaCryptor Ransomware family, the RagnarokCry Ransomware combines it with the Norse mythological term for the end of the world, AKA armageddon. For PC owners without appropriate backups, that title could be an appropriate one for their files.

The RagnarokCry Ransomware shares the 32-bit, Windows-based characteristics of an extreme majority of similar, file-locking Trojan programs, including unrelated threats like the '.btix File Extension' Ransomware, the Picocode Ransomware, the Start Ransomware, and the TotalWipeOut Ransomware. While it has no familial ties or label, its payload isn't dissimilar to a Ransomware-as-a-Service. It runs off of encrypting digital media (such as Word DOCs or JPG pictures) and appending its 'ragnorak_cry' extension onto their names. The attack locks the file from opening and requires a decryptor, with the relevant algorithm and key data, for reversing.

Malware analysts can't yet determine whether or not there's a chance of free unlocking or decryption services becoming available. They do, however, see the Trojan's payloads dropping uniquely-worded ransom TXT notes in poor English. The threat actor is selling his unlocking service for an unknown fee and is using a free e-mail for negotiating without any alternative or backup communication channels. This practice is more common among independent criminals who put little effort into their ransoming infrastructure or 'business.'

It Doesn't Have to be the End of the World for Your Files

The RagnarokCry Ransomware isn't the first time that a Trojan has taken over Norse mythology for a crime. This choice is part of a long-term trend of theming in Black Hat software that goes from the Vidar Stealer and LokiBot spyware down to smaller threats like the Heimdall Ransomware and the Sigrun Ransomware. Generally, the theme indicates no special relationship with Europe. Most file-locking Trojans will target victims throughout the world as the opportunity presents itself.

Users who maintain unsafe passwords, download illicit torrents, enable JavaScript in Web browsers, or open macro-using e-mail attachments are especially at risk from file-locking Trojan campaigns. While malware researchers find no special defensive features in the RagnarokCry Ransomware, the Trojan's being new and unrelated to past families may also hamper threat-detection efforts by some security products. Updating databases for all relevant security software can lower the danger of the Trojan's going undetected.

Despite the above issue, anti-malware solutions still are essential means of deleting the RagnarokCry Ransomware safely. Manual uninstallation requires changes to the Registry and, in inexperienced hands, may damage the Windows OS.

Early reports put a possible connection between the RagnarokCry Ransomware and the 2019's MegaCortex Ransomware. Whether that's true or the RagnarokCry Ransomware is truly an independent apocalypse, it only is the 'end of the world' for victims who don't take the proper precautions for preparing for it.

Loading...