
'syndicateXXX@aol.com' Ransomware

Posted: October 31, 2018

The 'syndicateXXX@aol.com' Ransomware is a new version of the Dharma Ransomware, which uses the Ransomware-as-a-Service method of distribution. Its attacks target your media-related files, including text documents, pictures, and other formats, and add extensions with ID numbers and e-mails to their names. Keeping secure backups of your work deprives this threat of any ransom-negotiating leverage, and anti-malware products of most brands may remove the 'syndicateXXX@aol.com' Ransomware, eliminating its opportunities to attack your files.

A Trojan Tweaks Its Filter System for Sabotaging Data

Another version of the Dharma Ransomware is being seen soon after the 'help@decrypt-files.info' Ransomware, the 'getdataback@fros.cc' Ransomware, the 'blacklist@clock.li' Ransomware, the 'backtonormal@foxmail.com' Ransomware, and its other family members. Beyond being evidence of this Ransomware-as-a-Service program's continuing efficacy, the 'syndicateXXX@aol.com' Ransomware also organizes its attacks slightly differently from the old variants. Whether its changes are long-term ones or specific to its campaign, malware experts have yet to determine.

The 'syndicateXXX@aol.com' Ransomware still uses encryption to block files on your PC and may target various folders throughout it, as well as other locations it can access over any non-secured network connections. It flags the names of the files it locks with its e-mail address, an ID, and an 'xxxx' extension, which users may find helpful when searching for the locked data. This data-enciphering routine also includes the 'syndicateXXX@aol.com' Ransomware's most important change: malware experts can verify that the 'syndicateXXX@aol.com' Ransomware is attacking a variety of different formats. However, all of the commonly used ones, like Notepad TXTs, JPG pictures, and PowerPoint PPTs, remain vulnerable.
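The name markers described above can drive a quick inventory of locked files during triage. This is an added example, not code from the original article; it assumes the Dharma-family layout `<original>.id-<ID>.[<e-mail>].<extension>`, which the article does not spell out, and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

EMAIL = "syndicateXXX@aol.com"   # contact address named in the article
EXT = "xxxx"                     # extension named in the article
# Assumption: '<original>.id-<ID>.[<email>].<ext>' (Dharma family convention).
MARKER = re.compile(
    r"^(?P<orig>.+)\.id-(?P<id>[0-9A-Za-z]+)\.\[" + re.escape(EMAIL) + r"\]\." + EXT + r"$",
    re.IGNORECASE,
)

def parse_locked_name(filename):
    """Return (original_name, victim_id) for a renamed file, else None."""
    m = MARKER.match(filename)
    return (m.group("orig"), m.group("id").upper()) if m else None

def inventory(root):
    """Walk root; return locked files grouped by ID, plus partial matches."""
    by_id, loose = defaultdict(list), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_locked_name(name)
            path = os.path.join(dirpath, name)
            if parsed:
                by_id[parsed[1]].append((path, parsed[0]))
            elif EMAIL.lower() in name.lower() or name.lower().endswith("." + EXT):
                # Carries one marker but not the assumed layout: review by hand.
                loose.append(path)
    return dict(by_id), loose

def demo():
    """Build a constructed sample tree and inventory it."""
    names = [
        "report.txt.id-1A2B3C4D.[syndicateXXX@aol.com].xxxx",  # constructed
        "photo.jpg.id-1a2b3c4d.[syndicateXXX@aol.com].xxxx",   # constructed
        "slides.ppt",                                          # untouched file
        "notes.xxxx",                                          # extension only
    ]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for n in names:
            open(os.path.join(root, "docs", n), "w").close()
        by_id, loose = inventory(root)
        return ({k: sorted(o for _p, o in v) for k, v in by_id.items()},
                [os.path.basename(p) for p in loose])

if __name__ == "__main__":
    print(demo())
```

Comparing the recovered original names against a backup catalogue shows which files need restoring, and more than one ID in the output suggests more than one infected host wrote to the same share.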

While its infection vectors are unverifiable for now, the 'syndicateXXX@aol.com' Ransomware is using a 'packer', or file-compression system, to reduce its footprint and, possibly, hide it from some AV brands. Ironically, most cyber-security products are detecting the space-compressed version of the 'syndicateXXX@aol.com' Ransomware more readily than its unpacked stage, although users should update their security software regularly for better detection rates.

Bringing Down a Small Branch of a Criminal Syndicate

The 'syndicateXXX@aol.com' Ransomware, like nearly all file-locker Trojans, requires exclusive access to the user's files to lock them and force the owner into a negotiating position. Backing up files to other drives, especially ones that are entirely disconnected or that include security features, can remove any leverage that criminals gain from 'syndicateXXX@aol.com' Ransomware infections. Malware researchers recommend against assuming that the Windows System Restore options will be available, since most versions of the Dharma Ransomware erase them by default.

Network administrators should continue using passwords that adhere to conventional security guidelines and monitoring their firewall configurations to reduce the chances of the 'syndicateXXX@aol.com' Ransomware's introduction via a brute-force or RDP attack. Some users may also be targeted through e-mail, where attached documents with unsafe content are a typical infection technique. While its encryption is more likely than not to be unbreakable, many anti-malware brands can uninstall the 'syndicateXXX@aol.com' Ransomware effectively or even block its installation routine.

The 'syndicateXXX@aol.com' Ransomware is no more than a small update for the Dharma Ransomware. However, size isn't everything, and the fact that it's trying to block different media types should raise the concern of anyone who thought that their work was out of a Trojan's reach.
