
ROGER Ransomware

Posted: November 27, 2019

The ROGER Ransomware is a file-locking Trojan from the family of the Dharma Ransomware, also known as the Crysis Ransomware. While its most essential attack involves encrypting files so that they cannot open, it also creates ransom notes for selling its unlocking services and may cause other side effects, such as removing backups. Users should keep anti-malware programs active and updated, both for identifying and for removing the ROGER Ransomware promptly.

An Invitation to a Seedier Mister Roger's Neighborhood

As one of the most prominent Ransomware-as-a-Service operations, the Crysis Ransomware family's continuing campaigns and their centerpiece Trojans are unsurprising, but a constant source of danger to users' files. Famous namesake Trojans from the family are years old, such as the Dharma Ransomware, but 2019 models like the Kharma Ransomware, the Kr Ransomware, and the Com2 Ransomware are, arguably, even more threatening. The ROGER Ransomware is only the next to join this line, with similar hazards for anyone without a backup plan.

This RaaS prides itself on AES and RSA encryption for 'locking' files, such as RTF documents, program executables, or even DLLs, all of which malware experts confirm are within the ROGER Ransomware's purview. Besides encrypting each file's content, the ROGER Ransomware also renames it by appending additional information: a unique ID, the attackers' new AOL address and the 'ROGER' extension.

Another expected, but essential, piece of evidence in the ROGER Ransomware's samples is its continued use of the Windows CMD tool. Through this command-line utility, it erases the Shadow Volume Copies and the data that depends on them, such as the Restore Points. This attack deprives victims of a recovery method through a local backup.
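The two artifacts described above, the appended name suffix and the shadow-copy wipe launched through the command line, are what a defender can look for on disk and in process-creation logs. The following is an added example, not code from the original post or from any vendor: it assumes a Dharma-style suffix of the form `name.id-<hex ID>.[<e-mail>].ROGER` and assumes the shadow copies are removed with the usual built-in Windows utilities; the file names, address and log lines are constructed, not real indicators.

```python
import re
from typing import Dict, List, Optional

# Assumed layout of a renamed file: <original>.id-<hex ID>.[<e-mail>].ROGER
# (the page only states "a unique ID", an AOL address and the 'ROGER' extension).
ROGER_NAME = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{6,16})"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]\.ROGER$"
)

# Shadow Volume Copy deletion via the command line; the exact utilities are an
# assumption drawn from common detection rules, the page only names CMD.
SHADOW_WIPE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)",
    re.IGNORECASE,
)

def parse_roger_name(filename: str) -> Optional[Dict[str, str]]:
    """Return the original name, victim ID and contact address, or None."""
    m = ROGER_NAME.match(filename)
    return m.groupdict() if m else None

def scan_filenames(names: List[str]) -> List[Dict[str, str]]:
    """Flag every file name that carries the ROGER suffix."""
    hits = []
    for name in names:
        info = parse_roger_name(name)
        if info:
            info["filename"] = name
            hits.append(info)
    return hits

def scan_process_log(lines: List[str]) -> List[str]:
    """Return the process-creation lines that delete Shadow Volume Copies."""
    return [line for line in lines if SHADOW_WIPE.search(line)]

# Constructed sample data (not real indicators).
SAMPLE_FILES = [
    "report.rtf",
    "report.rtf.id-1A2B3C4D.[example-decrypt@aol.com].ROGER",
    "setup.exe.id-1A2B3C4D.[example-decrypt@aol.com].ROGER",
    "notes.txt.id-zzzz.[bad].ROGER",  # malformed ID, must not match
]
SAMPLE_LOG = [
    "2019-11-27 10:01:02 ProcessCreate cmd.exe /c vssadmin delete shadows /all /quiet",
    "2019-11-27 10:01:05 ProcessCreate notepad.exe C:\\Users\\u\\doc.txt",
    "2019-11-27 10:01:09 ProcessCreate cmd.exe /c wmic shadowcopy delete",
]

if __name__ == "__main__":
    for hit in scan_filenames(SAMPLE_FILES):
        print("renamed:", hit["filename"], "victim ID", hit["victim_id"])
    for line in scan_process_log(SAMPLE_LOG):
        print("shadow-copy wipe:", line)
```

A hit on the shadow-copy pattern from a non-administrative process is worth an alert on its own, since that step precedes the moment the victim discovers the renamed files.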

Ambling Out of a Trojan's Crime-Ridden Neighborhood

Ransomware-as-a-Service campaigns hinge their business models on multiple partners or affiliates who rent the Trojan and, usually, the associated ransoming infrastructure, in exchange for access to its encryption capabilities. Since this way of doing business makes the ROGER Ransomware's distribution potential very flexible, users should expect possible attacks from multiple angles. Malware experts do, however, see some infection vectors used more commonly than others.

Administrators can preemptively block brute-force attacks and manual takeovers of their networks and servers by using appropriate password practices and updating all software that harbors patchable vulnerabilities like CVE-2019-3568. All users also should reject downloads from illicit sources and consider disabling threatening features while browsing the Web, such as JavaScript. E-mail tactics also are commonplace vectors for infections.

The ROGER Ransomware is a Windows-specific threat, like most Ransomware-as-a-Service Trojans. Anti-malware tools compatible with that platform detect and remove the ROGER Ransomware at reasonable rates and are recommended for uninstalling it or preventing infections.

The ROGER Ransomware has a new name, but an old method to its criminal plans. Everyone without a backup is, at least, slightly to blame for further enabling the RaaS industry to profit off of their carelessness.
