
Taargo Ransomware

Posted: April 1, 2020

The Taargo Ransomware is a file-locking Trojan from the Globe Imposter Ransomware family. Users exposed to this threat may be unable to open their files, particularly media such as documents, and may see ransom notes in the form of local Web pages (HTML). Because its encryption routine is currently secure, users need safely stored backups to recover any content, as well as anti-malware products to uninstall the Taargo Ransomware safely.

Imposters Back in Action for Cash

While some threats, like the CoronaVirus Ransomware and the CovidLock Ransomware, ride the wave of recent newsworthy events with their payloads, other, older Trojans are sticking to more generic and 'traditional' attacks. Although the Globe Imposter Ransomware family is a copycat of the even older Globe Ransomware RaaS, there's nothing superficial about the damage its encryption routine causes. The Taargo Ransomware, the latest version of the Globe Imposter Ransomware confirmed as being in the wild, is the next label put on a well-used and nearly perfected extortion scheme.

In the same style as the ANAMI Ransomware, the Badday Ransomware, the BlueCheeser Ransomware, or the IGAMI Ransomware, the Taargo Ransomware uses data encryption as a bludgeon. It preferentially encrypts the data of media files in directories such as the Windows Pictures and Documents locations so that they can't be opened. More cosmetically, it also adds its new e-mail address and the 'taargo' extension (which is possibly Somalian) to their filenames.

Each directory holding encrypted content also receives the Taargo Ransomware's ransom note, an HTML file whose only update is the change of e-mail addresses. The Trojan offers the usual, vague instructions for paying to get one's data decrypted back to normal, without a trial or a cost estimate. The two-day deadline and insistence on using free, 'anonymous' e-mail services are part of what sets the Taargo Ransomware's family apart from other Ransomware-as-a-Services. Paying is just as risky, in either case.
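As an added example (not code from this page or from any vendor tool), the following Python script scopes the damage described above before a restore from backup: it walks a directory tree, lists files carrying the 'taargo' extension, records any HTML files beside them as candidate ransom notes, and reports the earliest modification time among the locked files. The function names, sample file names and timestamps are constructed, and treating a locked file's modification time as its encryption time is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone

EXT = ".taargo"  # extension named on this page; compared case-insensitively

def scope_damage(root):
    """Walk root and summarise files carrying the .taargo extension."""
    dirs = {}        # directory -> {"locked": [...], "notes": [...]}
    earliest = None  # oldest mtime among locked files (epoch seconds)
    for cur, _subdirs, files in os.walk(root):
        locked = [f for f in files if f.lower().endswith(EXT)]
        if not locked:
            continue
        # The page says each affected directory gets an HTML note but does not
        # give its filename, so every HTML file here is only a candidate.
        notes = [f for f in files if f.lower().endswith((".html", ".htm"))]
        dirs[cur] = {"locked": sorted(locked), "notes": sorted(notes)}
        for f in locked:
            # Assumption: mtime approximates the moment the file was encrypted.
            m = os.stat(os.path.join(cur, f)).st_mtime
            earliest = m if earliest is None else min(earliest, m)
    return {
        "dirs": dirs,
        "locked_total": sum(len(d["locked"]) for d in dirs.values()),
        # Choose a backup taken before this moment.
        "first_locked_utc": (datetime.fromtimestamp(earliest, timezone.utc)
                             if earliest is not None else None),
    }

def build_sample_tree(root):
    """Constructed sample data: file names and timestamps are invented."""
    docs, pics = os.path.join(root, "Documents"), os.path.join(root, "Pictures")
    layout = {docs: [("report.docx.taargo", 1585700000), ("note.html", 1585700100),
                     ("clean.txt", 1500000000)],
              pics: [("a.jpg.TAARGO", 1585699000)]}
    for d, entries in layout.items():
        os.makedirs(d)
        for name, mtime in entries:
            path = os.path.join(d, name)
            open(path, "w").close()
            os.utime(path, (mtime, mtime))
    return docs, pics

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = scope_damage(tmp)
        print(report["locked_total"], report["first_locked_utc"])
```

A directory that holds locked files but has an empty "notes" list is worth a closer look, since it does not match the per-directory note behaviour described above.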

Making Sure that Trojan Campaigns Stay in Poverty

Samples of the Taargo Ransomware differ in their names: some use random strings of characters, while others disguise themselves with the more interpretable '_aro' name, either as a BIN or a conventional Windows executable (EXE). In all cases, the Taargo Ransomware is a 32-bit Windows program and represents the most likely risk to users of most Windows operating systems, on both work networks and home PCs. Malware researchers continue to find no noteworthy vulnerabilities in this family's file-locking feature, and backup precautions are advisable for all critical digital media.

Users with traditional anti-malware products are unlikely to experience Taargo Ransomware infections. This Trojan is highly identifiable and lacks any updates for improving its evasion rates versus the usual threat-detection techniques. Infection vectors for its campaign may run the gamut from torrents and other piracy-themed downloads to workplace-themed e-mail schemes, such as fake attached invoices.

Reliable Windows anti-malware products can't unlock files that the Taargo Ransomware attacks, but may block the Trojan or even remove the Taargo Ransomware afterward without any significant problems.

A predator needn't change its stripes if the same-old tricks get the job done. Whatever camouflage the Taargo Ransomware uses, it seems sufficient for making its way onto one or more victims' Windows computers, to the detriment of any data on their drives.
