14x Ransomware

The 14x Ransomware is a file-locking Trojan that's part of a Ransomware-as-a-Service called Dharma Ransomware or Crysis Ransomware. The 14x Ransomware's primary purpose is stopping media files like documents and images from opening, which it does by encrypting them. Users should ignore the Trojan's ransom demands and recover from a backup after deleting the 14x Ransomware with a trustworthy security solution.

Service Never Stops with File-Assuming Trojans

Ransomware-as-a-Services like the STOP Ransomware families, the Globe Ransomware, and the Dharma Ransomware still are critical geographical features in the threat landscape. Although the Dharma Ransomware's early variants start from 2016, the 14x Ransomware shows a business with longevity. Fortunately, since its attacks are similar to other samples over the past months, users needn't implement any extra precautions specific to the 14x Ransomware release.

The 14x Ransomware blocks files with a secure, AES algorithm-based encryption feature and targets ransom-appropriate media formats, such as JPG pictures, Word documents or Excel spreadsheets. Users can identify the 14x Ransomware's locked files by the unique 'axitrun' e-mail address, the string of '14x,' and the ID it places in their names. Casual readers also should note that changing the name doesn't unlock the file and may hamper any unlocking or decryption solutions.

Some of the less-visible but still harmful features in the 14x Ransomware's payload include deleting the Shadow Volume Copies (which Windows uses for the Restore Points) and terminating some software so that it can maximize its access to files. In contrast, the 14x Ransomware generates very-visible text and HTA files for ransom notes intentionally, which tells victims to e-mail the attacker for negotiating the ransom over the unlocking service.

Because the Dharma Ransomware family employs a generic template, the IDs and e-mail addresses are the only differences in the notes versus other campaigns that hail from the same RaaS. Unfortunately, the 14x Ransomware also is secure against free data-unlocking solutions equally, just like numerous relatives (see: the 'paydecryption@qq.com' Ransomware, the LDPR Ransomware, the 2048 Ransomware or the 2021 Ransomware).

Dodging Out of a Trojan's Dance of Numbers

Since the encryption that the 14x Ransomware uses is currently-unbreakable, most victims should place all their hopes in appropriately-protected backups. Malware experts recommend against having Restore Points as the only recovery option for any digital media. However, detached storage drives and password-protected cloud servers are practical alternatives.

Windows users at risk from the 14x Ransomware also should implement every appropriate precaution to restrict contact with any infection vectors. Typical file-locker Trojans will use fake software updates or vulnerabilities through browser-attacking Exploit Kits, either through advertising networks or dedicated websites. Some users also may invite attacks by clicking on e-mail attachments blindly, downloading illicit torrents or using bad passwords for their admin accounts.

Because there are few variations in most file-locking Trojans' families' themes, malware analysts expect no obstacles to the security industry's detecting this update. Users with any traditional cyber-security solution can safely delete the 14x Ransomware and preempt the file-locking behavior.

The 14x Ransomware business strategy has years of proof behind its profits. Every victim who bucks that trend by rejecting its vague extortion will limit its family's further distribution and attacks against media.