Todarius Ransomware
The Todarius Ransomware is a file-locking Trojan that can keep content such as documents or image files from opening in their associated programs. Its attacks, also, include secondary hazards, such as a possible loss of backups, compromising the rest of a local network or dropping spyware. Have your anti-malware service remove the Todarius Ransomware upon finding it and keep your backups secure for optimal recovery.
Middle Eastern File Warfare
Residents of Egypt and neighboring areas are reporting attacks by a new version of the file-locker Trojan family of the STOP Ransomware. While malware analysts and others in the industry have thoroughly-explored the overall capabilities of this Trojan, the Todarius Ransomware represents a version upgrade from 07 to 073, which may mean that it has more surprises in store for any unsecured PCs. Like its other brethren, such as the old KEYPASS Ransomware and the INFOWAIT Ransomware or the newer Kiratos Ransomware and the Hrosas Ransomware, it blocks files for an overarching plan of extorting ransom money.
The Todarius Ransomware's standard behavior includes encrypting media files like your Word or Adobe PDF documents, among other formats, with an AES algorithm, and then securing the attack by using a second, RSA one. Although the latter requires contacting its server, if it doesn't have Internet access, the program defaults to a non-dynamic key. Either option stops your files from being interpretable and, therefore, openable, by their software.
The Todarius Ransomware includes a ransoming message in TXT with an update to its e-mail address, but, otherwise, lists the same ransoming instructions for the unlocker as its predecessors did. It also adds 'todarius' extensions onto the files that it blocks, although, unlike some Ransomware-as-a-Service families, it will not modify the rest of the name's contents.
Braking on a Middle Eastern STOP Ransomware Campaign
The dangers of any Ransomware-as-a-Service family like the STOP Ransomware lie in their capacity for recruiting the talents and interests of a range of threat actors partially. Malware experts do, however, recommend watching known infection vectors, such as brute-forcing admin account logins, or spam emails, for possible Todarius Ransomware attacks. Secure passwords can prevent most brute-force efforts, and e-mail drive-by-downloads can follow templates such as macro-using Word documents or ZIP-archived executables.
The fact that its family is well-known doesn't bring the cyber-security at large any closer to gaining access to the threat actors' cache of keys for unlocking victims' media. Users can check free decryption services for possible repair options but always should have external backups for a more guaranteed solution. Shadow Volume Copy-based backups may not be available since the Todarius Ransomware's family includes options for deleting them via standard commands automatically.
Anti-malware programs, regardless of their competency, can't unlock or decrypt files. They should, however, find no problems with deleting the Todarius Ransomware, which malware experts have yet to note as containing any unusual self-defense features beyond those that are present by default in most versions of the STOP Ransomware.
The STOP Ransomware isn't stopping, and neither are the upgrades evidenced with youngster Trojans like the Todarius Ransomware. Whether it's in the Middle East or somewhere else, being unable to get to your files shouldn't be an obstacle that you pay a ransom for resolving.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.