
Start Ransomware

Posted: October 31, 2019

The Start Ransomware is a file-locking Trojan from the Crysis Ransomware family, also known as the Dharma Ransomware family (two names for the same group). The Start Ransomware encrypts the victim's files so that they can't be opened, demands a ransom for the decryption key and deletes the Windows backups (Shadow Volume Copies) that could otherwise be used for recovery. Sound network administration practices will stop many infection attempts, and professional anti-malware programs should recognize and remove the Start Ransomware.

The Start of More Trojan-Instigated File Problems

Another threat actor is hiring the services of the Ransomware-as-a-Service industry for spreading harmful encryption, extortion, and, it appears, lewd jokes. The Start Ransomware is a fresh variant of the Dharma Ransomware family, one of a handful of Trojans-for-hire vying for the top spot in the RaaS sector in 2019. Like the also-new Asus Ransomware or the older 'getdataback@fros.cc' Ransomware, the 'paydecryption@qq.com' Ransomware, and the Darknes@420blaze.it Ransomware, the Start Ransomware represents a possible danger to most Windows users' files.

Determining the Start Ransomware's infection methods will require further samples, but the Trojan shows no signs of using forged certificates, misleading metadata or other disguises for hiding its installer, which suggests that the criminals may be running it manually after gaining access to the system. The 32-bit Windows program establishes persistence through the Registry and uses a mutex to keep multiple copies from running at the same time, as is the norm for the Dharma Ransomware. Then, it starts locking files.

The updated encryption routine for the Start Ransomware's family is, ordinarily, secure against third parties: without the attacker's key, the locked files can't be decrypted. It serves as an effective attack for blocking documents, image galleries and other content, while the payload creates a ransom note for the victim. Malware researchers haven't seen the Start Ransomware's ransoming e-mail address before now; the second half of the address plays on a sexually-suggestive theme. The Start Ransomware may deliver its demands in Notepad-style TXT files, local Web pages or pop-up windows.

Stopping Ransoms before They Get Started

Besides its encryption, the Start Ransomware creates further problems for users who presume too much about the safety of Windows' built-in recovery features. It silently loads the CMD utility and executes a command that wipes the Shadow Volume Copies, without which the Windows Restore Points and Previous Versions are unavailable. Since this behavior is rife among file-locking Trojans, users should not count on Windows' own recovery features and should keep a backup on another, secured device instead.
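Because the Shadow Volume Copy deletion described above is a near-universal step in this family and happens before the ransom note appears, it is one of the better places to detect an infection in progress. The following is an added detection example, not code from the original article or from the Trojan: it runs simple rules over constructed Sysmon Event ID 1-style process-creation records. The article only says the Trojan runs a command through cmd.exe; the specific commands matched here (vssadmin delete shadows, vssadmin resize shadowstorage, wmic shadowcopy delete) are an assumption based on how this family is generally documented, and the log format and sample events are constructed for the example.

```python
"""Detect Shadow Volume Copy deletion in process-creation telemetry (added example)."""
import re

# Constructed Sysmon Event ID 1-style records, not real telemetry. Each record is a set
# of "key=value" fields separated by "|"; the format is an assumption for this example.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Windows\\System32\\cmd.exe"
    "|User=LAB\\alice|CommandLine=vssadmin delete shadows /all /quiet",
    "EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|User=LAB\\alice|CommandLine=vssadmin list shadows",
    "EventID=1|Image=C:\\Windows\\System32\\wbem\\WMIC.exe"
    "|ParentImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|User=LAB\\alice|CommandLine=WMIC.exe shadowcopy delete /nointeractive",
    "EventID=1|Image=C:\\Windows\\System32\\cmd.exe|ParentImage=C:\\Users\\alice\\Downloads\\invoice.exe"
    "|User=LAB\\alice|CommandLine=cmd.exe /c \"VSSADMIN.EXE Delete Shadows /All /Quiet\"",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe"
    "|User=LAB\\alice|CommandLine=notepad.exe FILES ENCRYPTED.txt",
]

# Command-line patterns for the usual shadow-copy tampering commands (assumed, see lead-in).
# Case-insensitive so that mixed-case variants such as "VSSADMIN.EXE Delete Shadows" still match.
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    "vssadmin_resize_shadowstorage": re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
}


def parse_event(line):
    """Split one 'key=value|key=value' record into a dict (first '=' in each field wins)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def classify(command_line):
    """Return the names of every rule whose pattern matches the command line."""
    return [name for name, pattern in RULES.items() if pattern.search(command_line)]


def detect(lines):
    """Return one alert per process-creation event that tampers with shadow copies.

    Severity is 'high' when the parent is cmd.exe (the launch path the article describes)
    or when the parent lives outside C:\\Windows, e.g. a freshly dropped executable;
    otherwise 'medium', since administrators do occasionally run these commands by hand.
    """
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event.get("EventID") != "1":  # only process-creation records are of interest
            continue
        command_line = event.get("CommandLine", "")
        matched = classify(command_line)
        if not matched:
            continue
        parent = event.get("ParentImage", "").lower()
        suspicious_parent = parent.endswith("\\cmd.exe") or not parent.startswith("c:\\windows\\")
        alerts.append({
            "rules": matched,
            "image": event.get("Image"),
            "parent": event.get("ParentImage"),
            "user": event.get("User"),
            "command_line": command_line,
            "severity": "high" if suspicious_parent else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['severity']}] {alert['rules']} {alert['user']}: {alert['command_line']}")
```

Run against the constructed sample, the benign `vssadmin list shadows` and the ransom-note Notepad launch produce no alert, while the three deletion commands do, including the mixed-case one wrapped in `cmd.exe /c`. In production the same rules belong in the SIEM or EDR as a process-creation rule, with the medium-severity path reserved for known administrative hosts.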

Users also should take precautions against threat actors accessing their systems remotely. RDP exposed to the public Internet, weak or reused passwords, and outdated server software are the usual routes through which criminals gain control over a PC before installing a Trojan of this family. Keeping RDP behind a VPN or firewall, requiring Network Level Authentication and strong passwords, and applying server updates close most of these routes. While these issues predominantly affect small businesses with limited security practices, the Start Ransomware also can block files on individual users' computers.

This family does, however, lack significant obfuscation or stealth against static analysis, so its samples are readily detected. Anti-malware vendors' products can eliminate the Start Ransomware safely, although removal doesn't unlock the already-encrypted files.

The Start Ransomware isn't the start of something new, so much as a refrain in a theme most users ought to know by now. Those who risk living without proper backups may pay one price or another: either the Start Ransomware's ransom or their files.
