
SuddenTax Ransomware

Posted: February 16, 2018

The SuddenTax Ransomware is a member of the Globe Imposter Ransomware family of threats. These Trojans pretend to be versions of the more secure Globe Ransomware Trojan and lock your files so that they can extort ransom money. Malware experts recommend using freeware decryption programs or backups to undo any loss of media, and removing the SuddenTax Ransomware with any reputable brand of anti-malware product.

A Tax on Computers that You Weren't Expecting

The Globe Imposter Ransomware and its upgrades, like the Globe Imposter 2.0 Ransomware, are a frequent part of the threat landscape for the data-locking campaigns of the current year. The targets of such attacks are usually, but not always, corporate, as with the last series of the SuddenTax Ransomware infections. This Trojan's authors are spreading it by means such as brute-forcing network logins or spam e-mails, after which the SuddenTax Ransomware can hold the contents of the server captive.

While the SuddenTax Ransomware's campaign is live, malware experts can't yet identify its specific infection vectors or the group of threat actors responsible for its distribution. The SuddenTax Ransomware is Windows software, and installing the Trojan on that OS enables it to load a series of attacks that include data encryption without a victim-facing user interface. The appended '.suddentax' extension, which is specific to this Trojan's campaign, helps users sort these non-opening files from unaltered ones.

The SuddenTax Ransomware also generates either an HTML or HTA (advanced HTML) page and places it in the same directory as the encryption-damaged media. Malware experts see the same ransoming instructions in other Trojan attacks, with only the payment and e-mail addresses changed by the threat actors. The SuddenTax Ransomware asks for two Bitcoins, or over twenty thousand USD, for restoring your files, which implies that its threat actors are heavily targeting well-financed, corporate entities instead of individual computer owners.
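To scope an incident using the two artifacts described above, the following added example (not from the original article or from any vendor tool) walks a directory tree, groups files carrying the '.suddentax' extension by directory, recovers each original file name, and lists HTML/HTA files beside them as candidate ransom notes. The article does not give the note's file name, so matching is by extension only; the sample directory and file names are constructed for the demonstration.

```python
import os
import tempfile

LOCKED_EXT = ".suddentax"        # extension named in the article
NOTE_EXTS = {".html", ".hta"}    # note formats named in the article


def triage(root):
    """Map each affected directory to its locked files and candidate notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked, notes = [], []
        for name in files:
            lower = name.lower()
            if lower.endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # The original name is whatever precedes the appended extension.
                locked.append((name, name[: -len(LOCKED_EXT)]))
            elif os.path.splitext(lower)[1] in NOTE_EXTS:
                notes.append(name)
        # HTML/HTA files only count as candidate notes beside locked files,
        # so ordinary web content in clean directories is not reported.
        if locked:
            report[os.path.relpath(dirpath, root)] = {
                "locked": sorted(locked),
                "candidate_notes": sorted(notes),
            }
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files with names invented for this example."""
    layout = {
        "finance": ["q4.xlsx.suddentax", "payroll.DOCX.SUDDENTAX", "note.hta"],
        "intranet": ["index.html", "logo.png"],  # untouched web content
        "shares/hr": ["policy.pdf.suddentax", "README.html"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for directory, hit in demo().items():
        print(directory, len(hit["locked"]), "locked; notes:", hit["candidate_notes"])
```

The list of recovered original names can be compared against a backup inventory to decide what needs restoring.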

Getting the Tax Cut that Everyone Deserves

In the past, file-locking Trojans were notable for their data-based sabotaging of companies residing in sectors as different as healthcare and oil, and countries as diverse as Iran and the United States. Malware analysts found two infection methods archetypal for campaigns just like the SuddenTax Ransomware's attacks:

  • E-mail attachments may carry the SuddenTax Ransomware directly, or distribute an installation mechanism, such as a macro-based Trojan dropper. Examples of disguised installers for this Trojan can include fake delivery messages, employee communications or office equipment notifications.
  • The threat actors also can breach a vulnerable network and drop their Trojan on it without needing a user to provide any first-contact access. Short, simplistic, and popular passwords all are at high risk of compromise, thanks to brute-force hacking software.

Since the SuddenTax Ransomware belongs to a family that uses more than one type of encryption, depending on the version in question, malware researchers can't confirm the potential for a decryptor that would recover your files without a charge. Segregated backups are the standard means of defending your workplace data from file-locking attacks of all types. Roughly one out of every two anti-malware products is currently blocking and removing the SuddenTax Ransomware safely, as well.

Trojans like the SuddenTax Ransomware, or its brothers, the PSCrypt Ransomware, the Uridzu Ransomware, and the Panda Ransomware, can make the act of opening the wrong file cost thousands of dollars for any company. Training your workers on good Web-browsing habits and using secure means of data storage has never been more relevant than in 2018.
