
Aviso Ransomware

By CagedTech in Ransomware

In October 2016, malware researchers from the University of Valencia presented a study of the Aviso Ransomware, which they described as a variant of TorrentLocker. The Aviso Encryption Trojan is written in the AutoIt scripting language. What brought the new variant to attention was the spam email used to deliver it: reports indicate that the Aviso Ransomware arrives in an attachment named 'ENDESA_FACTURA.zip,' presented to recipients as a bill from the Spanish utility Endesa S.A. The Trojan appears to target Windows users in Spain predominantly and might be a custom build that is being tested locally before wider distribution.

AV vendors may also detect the Aviso Trojan under the name Crypt888 Ransomware. The coders behind the Aviso Ransomware might be using a misappropriated digital certificate issued to Endesa S.A. in order to pass code-signing checks. Windows 7 and later versions of the OS can check the Authenticode signature of an executable before it runs (the UAC elevation prompt, for example, shows the publisher taken from that signature), and AV programs supplement this with passive code analysis in the background. A valid signature made with a stolen certificate defeats exactly those checks, so a signed file should not be trusted on the strength of its signature alone: confirm that the signer (visible in the file's properties, or via PowerShell's Get-AuthenticodeSignature cmdlet) is an organization you would expect to ship executables at all, and whether the certificate has since been revoked. In addition, the Aviso Ransomware features obfuscation layers that may allow it to remain undetected and operate on your system for a prolonged period. The Crypt888 Ransomware is programmed to target commonly used data containers such as:

.3GP, .7Z, .APK, .AVI, .BMP, .CDR, .CER, .CHM, .CONF, .CSS, .CSV, .DAT, .DB, .DBF, .DJVU, .DBX, .DOCM, .DOC, .EPUB, .DOCX, .FB2, .FLV, .GIF, .GZ, .ISO, .IBOOKS, .JPEG, .JPG, .KEY, .MDB, .MD2, .MDF, .MHT, .MOBI, .MHTM, .MKV, .MOV, .MP3, .MP4, .MPG, .MPEG, .PICT, .PDF, .PPS, .PKG, .PNG, .PPT, .PPTX, .PPSX, .PSD, .RAR, .RTF, .SCR, .SWF, .SAV, .TIFF, .TIF, .TBL, .TORRENT, .TXT, .VSD, .WMV, .XLS, .XLSX, .XPS, .XML, .CKP, .ZIP, .JAVA, .PY, .ASM, .C, .CPP, .CS, .JS, .PHP, .DACPAC, .RBW, .RB, .MRG, .DCX, .DB3, .SQL, .SQLITE3, .SQLITE, .SQLITEDB, .PSP, .PDB, .DXF, .DWG, .DRW, .CASB, .CCP, .CAL, .CMX, .CR2.

The Aviso Encryption Trojan is not very different from the APT Ransomware and the Deadly Ransomware. The Aviso Ransomware combines the AES and RSA encryption standards to lock the user's files; in the usual hybrid arrangement, the fast symmetric AES key used on the file contents is itself encrypted with the attackers' RSA public key, so nothing left on the infected machine is enough to recover the data. Security researchers report that the Aviso Ransomware encrypts files stored on local drives and, at the time of writing, is unable to encrypt data on network shares. Affected files can be recognized by the 'Lock.' prefix placed before the file name; for example, 'sand_castle.png' becomes 'Lock.sand_castle.png'. Because the prefix is added in front of the name rather than replacing the extension, the original extension survives and the file type remains visible. The ransom note is available in several languages, including Italian, Spanish, Portuguese, Czech and English. Examples of the English and Portuguese notes can be found below:

  • Variant 1 (English):
    'Hello,
    You've stolen 48.48 BTC from the wrong people, please be so kind to return them and we will return your files.
    Don't take us for fools, we know more about you than you know about yourself.
    Pay us back and we won't take further action, don't pay and be prepared.
    [34 random characters]'

  • Variant 2 (Portuguese; translated here into English):
    'Hello Sir/Madam,
    ALL of your files have been LOCKED and this lock will only be UNLOCKED if you pay the amount of R$ 2000.00 (two thousand reais) in Bitcoins. After paying that amount, just send me a screenshot to the email
    infomacaonh@gmail.com
    and I will send you the program with the password to decrypt/unlock your files.
    If the payment is not made, all of your data will be locked
    permanently and your computer will be completely formatted
    (thereby losing all the information on it, including email and bank passwords...). The payment must be made to this Bitcoin address
    [34 random characters]'

Threats like the Aviso (Crypt888) Ransomware tend to receive updates that expand their capabilities, and improved code should be expected. Users infected with the Aviso Ransomware may find a new text document on their desktops that includes information such as an ID number and a contact email. Security experts do not recommend paying the ransom or contacting the operators of the Aviso Ransomware; at the time of writing, there are no reports of victims receiving a decryptor and being able to unlock their files after paying. Computer users should explore safer techniques to restore their data. Use a trusted anti-malware application to delete the Aviso Ransomware and prevent it from executing at the next system start. Cloud-based storage like Google Drive and Dropbox can prove invaluable when recovering from an attack, with one caveat: a synced folder will upload the encrypted, 'Lock.'-prefixed files just as it uploaded the originals, so recovery depends on the service's file version history rather than on the current contents of the folder. The best source of backups is considered to be removable HDD and SSD drives, provided they are disconnected after each backup; a drive that is still attached when the infection runs is just another local drive from the ransomware's point of view.


File System Details

Aviso Ransomware may create the following file(s):
  #    File Name    MD5                                 Detections
  1.   file.exe     86c85bd08dfac63df65eaeae82ed14f7    0
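The indicators this page gives, the 'Lock.' file-name prefix and the targeted-extension list described earlier, together with the MD5 in the table above, can be turned into a small triage script for an affected machine. The following is an added example written for this page, not code from the article, from the researchers cited, or from the malware itself. The directory it scans is constructed inline so it runs offline (its placeholder file.exe therefore deliberately does not hash to the listed IOC), and the function names are ours.

```python
"""Triage helper for an Aviso/Crypt888-style infection (added example).

Checks three indicators the article gives:
  * the 'Lock.' prefix the ransomware places before each file name,
  * the targeted-extension list, to tell which untouched files were in scope,
  * the MD5 listed under 'File System Details' for the dropped file.exe.
The directory it scans is constructed in build_sample_tree() so the script
runs offline; its placeholder file.exe therefore does NOT hash to the IOC.
"""
import hashlib
import os
import tempfile
from pathlib import Path

LOCK_PREFIX = "Lock."

# Extensions from the article's target list, lower-cased with the dot kept.
TARGETED_EXTENSIONS = {
    ".3gp", ".7z", ".apk", ".avi", ".bmp", ".cdr", ".cer", ".chm", ".conf",
    ".css", ".csv", ".dat", ".db", ".dbf", ".djvu", ".dbx", ".docm", ".doc",
    ".epub", ".docx", ".fb2", ".flv", ".gif", ".gz", ".iso", ".ibooks",
    ".jpeg", ".jpg", ".key", ".mdb", ".md2", ".mdf", ".mht", ".mobi", ".mhtm",
    ".mkv", ".mov", ".mp3", ".mp4", ".mpg", ".mpeg", ".pict", ".pdf", ".pps",
    ".pkg", ".png", ".ppt", ".pptx", ".ppsx", ".psd", ".rar", ".rtf", ".scr",
    ".swf", ".sav", ".tiff", ".tif", ".tbl", ".torrent", ".txt", ".vsd",
    ".wmv", ".xls", ".xlsx", ".xps", ".xml", ".ckp", ".zip", ".java", ".py",
    ".asm", ".c", ".cpp", ".cs", ".js", ".php", ".dacpac", ".rbw", ".rb",
    ".mrg", ".dcx", ".db3", ".sql", ".sqlite3", ".sqlite", ".sqlitedb", ".psp",
    ".pdb", ".dxf", ".dwg", ".drw", ".casb", ".ccp", ".cal", ".cmx", ".cr2",
}

# MD5 from the article's 'File System Details' table for file.exe.
KNOWN_DROPPER_MD5 = "86c85bd08dfac63df65eaeae82ed14f7"


def is_encrypted_name(name: str) -> bool:
    """True if the name carries the 'Lock.' prefix followed by a real name."""
    return name.startswith(LOCK_PREFIX) and len(name) > len(LOCK_PREFIX)


def original_name(name: str) -> str:
    """Undo the renaming: 'Lock.sand_castle.png' -> 'sand_castle.png'."""
    return name[len(LOCK_PREFIX):] if is_encrypted_name(name) else name


def is_targeted(name: str) -> bool:
    """True if the (original) extension is on the target list.

    The prefix is stripped first, so encrypted and untouched files are
    judged by the same extension."""
    return Path(original_name(name)).suffix.lower() in TARGETED_EXTENSIONS


def md5_of(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large files need little RAM."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root: str) -> dict:
    """Walk `root`; return encrypted files, at-risk originals and IOC hits.

    Every file is hashed, not only *.exe, because a dropper may be renamed."""
    report = {"encrypted": [], "at_risk": [], "ioc_hits": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if is_encrypted_name(name):
                report["encrypted"].append(rel)
            elif is_targeted(name):
                report["at_risk"].append(rel)
            if md5_of(full) == KNOWN_DROPPER_MD5:
                report["ioc_hits"].append(rel)
    for key in report:  # deterministic order for reporting and tests
        report[key].sort()
    return report


def build_sample_tree() -> str:
    """Constructed sample tree: two encrypted files, one untouched target,
    one file type the ransomware ignores, and a placeholder dropper."""
    root = tempfile.mkdtemp(prefix="aviso_sample_")
    samples = {
        "Lock.sand_castle.png": b"\x00\x01 ciphertext placeholder",
        "Lock.report.docx": b"ciphertext placeholder",
        "notes.txt": b"still plaintext",
        "readme.log": b"not on the target list",
        "file.exe": b"MZ placeholder, not the real sample",
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for kind, paths in result.items():
        print(f"{kind}: {paths}")
```

An MD5 match is a convenience, not a verdict: a repacked or re-obfuscated build of the same family hashes differently, so an empty ioc_hits list says nothing about the 'Lock.' findings, which are the stronger indicator on a live machine. The prefix check insists on a non-empty name after 'Lock.' so that a file literally called 'Lock.' is not misreported, and the extension check strips the prefix first so that encrypted and untouched files are classified on the same basis.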
