
'usacode@aol.com' Ransomware

Posted: January 24, 2019

The 'usacode@aol.com' Ransomware is a file-locking Trojan that's a variant of the Dharma Ransomware, which is a subset of the Crysis Ransomware family. This threat can keep your media from opening, delete your backups, and drop ransom notes with the threat actor's cash demands for the decryptor. Have a dedicated anti-malware program remove the 'usacode@aol.com' Ransomware and re-secure your network's credentials and settings before undertaking recovery through backups whenever possible.

A Ransom-Wielding Trojan that's Proud of Being American

The Dharma Ransomware is maintaining its stranglehold as the most prominent branch of the Crysis Ransomware, the family of Ransomware-as-a-Service Trojans that uses encryption to collect ransoms from businesses globally. The latest version that malware experts can confirm exists is the 'usacode@aol.com' Ransomware, and it shows no signs of lapses in the usual protections that keep victims from recovering their files by themselves. None of the threat actor's targets have come forward publicly, so all infection vectors remain purely speculative.

Attacks from the 'usacode@aol.com' Ransomware, like those of its relatives (such as the '.Bear File Extension' Ransomware, the Bizer Ransomware, the '.gamma File Extension' Ransomware and the guardbtc@cock.li Ransomware), use AES encryption for their primary, file-blocking behavior. However, since AES on its own is easily decryptable, the program also protects it with a customized RSA key. By default, the 'usacode@aol.com' Ransomware uploads the latter to the threat actor's C&C server, which withholds it until the victim pays the ransom.

The 'usacode@aol.com' Ransomware flags the names of all media that it locks with 'USA' extensions, and it especially targets content types such as Word or Adobe PDF documents, Excel spreadsheets, audio and video files like MP3s and MP4s, archives like ZIP or RAR, and pictures. The advanced Web page that the 'usacode@aol.com' Ransomware creates is another symptom that victims can use to identify infections, although paying isn't a course of action that malware experts can recommend.

Safely Asserting the Independence of Your Files

The 'usacode@aol.com' Ransomware uses the all-too-common trick of pretending to be a Windows component ('explorer.exe' in this case, instead of the more often abused 'svchost.exe') while it's on your PC. Malware researchers also confirm ties between some versions of the 'usacode@aol.com' Ransomware and a RAR archive named 'work,' which could indicate that the criminal is distributing it through mislabeled downloads. Victims could be compromising their computers by opening corrupted e-mail attachments, which may contain references to their jobs or workplace environments.
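Turning the two indicators described above (the 'USA' marker on locked documents and an 'explorer.exe' running outside the Windows directory) into a simple triage check, as an added Python example that is not part of the original write-up. The trailing-suffix naming, the sample paths, the process listing and the trusted location of explorer.exe are assumptions made for the example.

```python
import ntpath
from typing import Iterable, List, Tuple

# Media types the write-up names as primary targets of the file-locker.
TARGET_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".mp3", ".mp4",
                     ".zip", ".rar", ".jpg", ".jpeg", ".png"}
# Marker the write-up reports; assumed here to be appended as a trailing suffix.
LOCK_MARKER = ".usa"
# Where a genuine explorer.exe lives on a default install (assumption for this check).
TRUSTED_EXPLORER_DIR = r"c:\windows"

# Constructed sample inventory standing in for a directory walk and a process listing.
SAMPLE_FILES = [
    r"C:\Users\bob\Documents\Q4-report.docx.USA",
    r"C:\Users\bob\Documents\budget.xlsx.USA",
    r"C:\Users\bob\Music\track01.mp3.USA",
    r"C:\Users\bob\Documents\notes.txt",
]
SAMPLE_PROCESSES = [
    ("explorer.exe", r"C:\Windows\explorer.exe"),
    ("explorer.exe", r"C:\Users\bob\AppData\Roaming\explorer.exe"),
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
]

def find_locked_files(paths: Iterable[str]) -> List[str]:
    """Return paths carrying the lock marker on top of a targeted media extension."""
    hits = []
    for path in paths:
        stem, marker = ntpath.splitext(path)
        if marker.lower() != LOCK_MARKER:
            continue
        if ntpath.splitext(stem)[1].lower() in TARGET_EXTENSIONS:
            hits.append(path)
    return hits

def suspicious_explorer_processes(processes: Iterable[Tuple[str, str]]) -> List[str]:
    """Flag any process named explorer.exe whose image sits outside the Windows directory."""
    flagged = []
    for name, image_path in processes:
        directory = ntpath.dirname(image_path).lower()
        inside_windows = directory == TRUSTED_EXPLORER_DIR or directory.startswith(TRUSTED_EXPLORER_DIR + "\\")
        if name.lower() == "explorer.exe" and not inside_windows:
            flagged.append(image_path)
    return flagged

def triage(paths: Iterable[str], processes: Iterable[Tuple[str, str]]) -> dict:
    # Both indicators together give a stronger verdict than either alone.
    locked = find_locked_files(paths)
    rogue = suspicious_explorer_processes(processes)
    return {"locked_files": locked, "rogue_explorer": rogue, "likely_infected": bool(locked and rogue)}
```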

A free decryptor for the 'usacode@aol.com' Ransomware's files is no more likely than for other modern iterations of the Dharma Ransomware, which use databases separate from the previously exposed ones. Most infections will also take countermeasures against the Windows Restore Points and other accessible backups. Save your backups onto another device for your file recovery needs, and keep anti-malware products active to eliminate the 'usacode@aol.com' Ransomware automatically.

Whether or not it's sticking to attacking American businesses, the 'usacode@aol.com' Ransomware is another case of 'assembly-line' Trojan campaigning. With creating file-locking Trojans so effortless, users would do well to make sure that backing up their work is just as easy and frequent.
