
STAFS Ransomware

Posted: August 21, 2019

The STAFS Ransomware is a file-locking Trojan from the Dharma Ransomware's Ransomware-as-a-Service. This family of threats can block files with encryption and conduct other attacks, including changing the files' extensions, removing your backups, and creating ransom-demanding messages. You should always have appropriate anti-malware tools delete or quarantine the STAFS Ransomware before proceeding with any recovery options.

The Flag of Greed Waves from Another Staff

The possibly-Icelandic STAFS Ransomware is the newest version of the Dharma Ransomware to grace the wild, with an attack routine that keeps the usual focus of extortion through encryption. While malware experts can't confirm all characteristic symptoms and features related to its family, the STAFS Ransomware is a functional file-locker. Users without the appropriate safeguards may lose their data to a Trojan-for-hire with no reliable recovery options.

The STAFS Ransomware's payload includes non-consensual encryption, which is a file-blocking feature that uses AES and RSA algorithms (as per the Dharma Ransomware family, the STOP Ransomware and some others). The Trojan searches the PC, including, potentially, removable or network-shared drives, for Word documents, JPG or BMP pictures and other media. After locking this content and adding its 'stafs' string as an extension, the STAFS Ransomware delivers its ransom demands.

Malware researchers are verifying only the presence of an advanced Web page note with the STAFS Ransomware, although it may also generate a matching TXT file. The instructions follow the Dharma Ransomware's traditional template and offer a sample of their decryptor and a Bitcoin ransom demand. Since criminals can take these coins and refuse their services, victims should reserve this option as a last resort if they consider it at all.

Accommodating the Dangers of Trojans at Large

The Ransomware-as-a-Service industry's geographical ubiquity and inherently variable clientele make for an uncertain foundation for any single Trojan's campaign. Although predicting the STAFS Ransomware's infection strategies without fail isn't possible, malware experts do recommend avoiding unsafe e-mail attachments, torrents and ad-delivered downloads. Any servers that are accessible from the Internet at large are also at risk from brute-forcing against their login credentials or misuse of their RDP features.

Encrypted content isn't always decryptable without the help of a possibly-uncooperative threat actor. This caution applies to both the STAFS Ransomware and its older relatives like the BKP Ransomware, the Blammo@cock.li Ransomware, the DDOS Ransomware, the '.korea File Extension' Ransomware or the 'suppfirecrypt@qq.com' Ransomware. Windows users are at particular risk from this family and should always have at least one backup on another, less vulnerable device.

Because the Dharma Ransomware's family has limited self-obfuscatory qualities, most security products should detect it through conventional heuristics. Let your anti-malware program of choice remove the STAFS Ransomware while it scans your computer and implement recovery solutions, such as backups or free decryptors, afterward.
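The following is an added example, not part of the original article or any vendor's tool: once the Trojan has been removed, a responder can scope the restore by listing every file that carries the 'stafs' extension and checking which ones have a copy in a backup. It assumes the marker is simply appended to the original file name; the function names and the sample tree of empty files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = ".stafs"  # extension the article says is added to locked files


def inventory(root, backup_root=None):
    """List files under root that carry the marker; assumes it is simply appended."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]  # strip marker to get the original name
            rel = os.path.relpath(os.path.join(dirpath, original), root)
            restorable = bool(backup_root) and os.path.isfile(
                os.path.join(backup_root, rel))
            hits.append({
                "locked": os.path.join(dirpath, name),
                "original": rel,
                "type": os.path.splitext(original)[1].lower() or "(none)",
                "restorable": restorable,
            })
    return hits


def summarize(hits):
    """Return (count per original type, files with a backup copy, files without)."""
    by_type = Counter(h["type"] for h in hits)
    covered = sum(h["restorable"] for h in hits)
    return dict(by_type), covered, len(hits) - covered


def build_sample():
    """Constructed sample tree of empty files; nothing here is real malware output."""
    live, backup = tempfile.mkdtemp(), tempfile.mkdtemp()
    layout = {live: ("docs/report.docx.stafs", "pics/a.jpg.STAFS",
                     "pics/b.bmp.stafs", "docs/clean.docx"),
              backup: ("docs/report.docx", "pics/a.jpg")}
    for base, rels in layout.items():
        for rel in rels:
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
    return live, backup


if __name__ == "__main__":
    print(summarize(inventory(*build_sample())))
```

Files reported as not restorable are the ones to set aside untouched in case a free decryptor becomes available.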

There are already more than sufficient reasons for taking care of your PC and the files on it, but the STAFS Ransomware is adding one more for the public, anyway. While keeping a backup up-to-date is troublesome, the ransoms that Trojans like the STAFS Ransomware ask for are substantially more harrowing.
