Seto Ransomware

Posted: October 4, 2019

The Seto Ransomware is a file-locking Trojan that comes from the STOP Ransomware, a Ransomware-as-a-Service business. The family includes consistent traits across most members, such as creating ransom messages, blocking files with (usually) secure encryption, and removing backups. Users can protect their systems by letting anti-malware software remove the Seto Ransomware on sight and preserve backups for recovery without a ransom.

The STOP Ransomware Belies Its Name, Once Again

Ransomware-as-a-Service will continue growing until no more money is coming from its business model, regardless of the legality or morality of the industry. As proof par excellence of this long-term trend, readers can just watch the STOP Ransomware and its ongoing, seemingly infinite growth. Malware experts are confirming yet another version of it, although its version number and distribution range require more investigation.

Unlike most of its family, the Seto Ransomware uses a 'brand name' that might be Japanese linguistically, although it also has a strong chance of being random. Past attacks from the family, such as the Todar Ransomware, the Grovat Ransomware, the Rectot Ransomware and the Pidom Ransomware, show an overall, but not exclusive, preference for victims in Asia, such as India or the Philippines. The Seto Ransomware's gaining any purchase in Japan seems unlikely, due to both past statistics and the fact that its extortionist demands are in English.

The Seto Ransomware, like its above predecessors, uses encryption for 'locking' files, with which it targets documents, pictures and other media of value. The added 'seto' extension on them is the main change that the Seto Ransomware includes over previous campaigns. Notably, this family's encryption security varies heavily, based on the Trojan's connection to the remote C&C server. Users should check with experienced PC security researchers before assuming the worst for their files.

Taking the Trojan Out of Your Downloads

File-locking Trojans can circulate via several strategies, but the majority of Ransomware-as-a-Service variants use ones requiring some consent from victims, such as e-mail attachments with manually-enabled macros. Networks running with unpatched software or brute-force-liable logins, such as 'easy' passwords, also are at high risk of getting targeted by members of the Seto Ransomware's family. In some cases, malware analysts also link the STOP Ransomware attacks to victims downloading illicit software through torrents.

Since all of the above methods require negligence from the victims, users can protect themselves by maintaining best practices for browsing the Web and securing their computers. Using complex passwords, disabling unsafe features like JavaScript, and refusing illicit download links are appropriate ways of avoiding these campaigns. Due to the problems with decrypting the Seto Ransomware and its fellow STOP Ransomware releases, preventing infections can be most users' only way of keeping their media intact.

Thankfully, most anti-malware products easily identify the STOP Ransomware in most of its numerous variations. Active anti-malware protection can block these installation exploits or remove the Seto Ransomware as necessary.

Whether it's aiming for Japan or any other country in the world, the Seto Ransomware is a sharp reminder not to rest on one's laurels. After all, the criminals hiring these Ransomware-as-a-Service businesses aren't sleeping on the job – even if their job is sabotaging your data.
