Acton Ransomware

By CagedTech in Ransomware

The Acton Ransomware is data-locker ransomware, and like other ransomware, its goal is to compromise a system and encrypt as much data as possible. The intent is to force the users to pay a ransom using Bitcoin to unlock their data. The Acton Ransomware is a new variant of the very effective Phobos Ransomware. The Acton Ransomware is distributed using spam emails, fake download sources, fake software updaters and corrupted "cracked" software torrents. The Acton Ransomware does not appear to attack any specific region or Internet user.

How the Acton Ransomware Works

The Acton Ransomware works like any other ransomware. Once it infects a system, the malware finds and encrypts as much data as it is able to access. The ransomware then appends to each file name a unique "victim ID," the attacker's email address and ".Acton." This means that a file called "abc.xyz" is renamed to something like "abc.xyz.d[E32852A00-10537].[b.actonattacker@aol.com].Acton." The Acton Ransomware can be deployed via an executable (.exe), a system file (.dll), or even an MS Office document (.doc, .docx, .xls, .xlsx). Once the Acton Ransomware is deployed, it quickly encrypts most of the files on the system disks. The Acton Ransomware uses an unknown encryption method, which generates a unique decryption key for each attack. It also places a "ransom note" on the desktop and in affected folders, containing instructions for paying the ransom and decrypting your data.
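The renaming scheme described above gives responders a file-name indicator to search for when scoping an incident. The following Python is an added example, not part of the original article or of any vendor tool: it parses names of that shape out of a file listing and reports the victim IDs, contact addresses and most affected folders. The function names and the sample listing are assumptions made for illustration, and the short tag before the first bracket is matched loosely.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Shape taken from the article's example:
#   <original name>.<tag>[<victim ID>].[<contact e-mail>].Acton
# Assumption: the tag before the first bracket is any short run of letters.
ACTON_NAME = re.compile(
    r"^(?P<original>.+?)\.(?P<tag>[A-Za-z]*)\[(?P<victim_id>[0-9A-Fa-f]+-[0-9A-Fa-f]+)\]"
    r"\.\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.acton$",
    re.IGNORECASE,
)


def parse_acton_name(filename):
    """Return the parts of an Acton-renamed file name, or None if it does not match."""
    m = ACTON_NAME.match(filename)
    if m is None:
        return None
    return {k: m.group(k) for k in ("original", "victim_id", "email")}


def triage(paths):
    """Summarise a listing: hit count, victim IDs, contact addresses, worst-hit folders."""
    ids, emails, folders, hits = set(), set(), Counter(), 0
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any analysis host
        parts = parse_acton_name(p.name)
        if parts is None:
            continue
        hits += 1
        ids.add(parts["victim_id"].upper())
        emails.add(parts["email"].lower())
        folders[str(p.parent)] += 1
    return {"hits": hits, "victim_ids": sorted(ids),
            "emails": sorted(emails), "folders": folders.most_common()}


# Constructed listing for illustration; only the first file name comes from the article.
SAMPLE = [
    r"C:\Users\alice\Documents\abc.xyz.d[E32852A00-10537].[b.actonattacker@aol.com].Acton",
    r"C:\Users\alice\Documents\budget.xlsx.d[E32852A00-10537].[b.actonattacker@aol.com].Acton",
    r"C:\Users\alice\Pictures\cat.jpg",       # untouched file
    r"C:\Users\alice\Downloads\Acton.txt",    # contains the word but not the pattern
    r"D:\share\notes.Acton",                  # extension alone is not enough
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The recovered "original" field is the name to look for in backups when planning the restore.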

Sample Ransom Note
'All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail b.morningtonjones@aol.com
Write this ID in the title of your message 1E857D00-1091
In case of no answer in 24 hours write us to this e-mail:dennet.smellie@aol.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases, backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Protecting Yourself from the Acton Ransomware

Never download and run a file from an unknown source. Malware can be hidden inside direct downloads, torrents and email attachments. Avoid downloading torrents from unknown sources whenever possible. It is not a good idea to run an executable file downloaded from a torrent or untrusted source. If you don't currently use anti-malware or anti-virus software, download and install one now. Most operating systems, such as Windows or macOS, ship with protective software these days, but it needs to be enabled and kept updated. An anti-virus or anti-malware tool is only as effective as its virus definitions. These can be updated daily, so you need to give the tool permission to update itself as often as necessary.

Malware, like the Acton Ransomware, also can be spread using spam email. Never download an attachment from any email, unless you are certain who the sender is. Even if a file is attached to an email from a known source, double-check to make sure the email address is accurate. When downloading attachments from an authentic email, make sure the attachment makes sense in context with the email content. Avoid running executable files attached to emails at all costs. Sometimes a corrupted file can be attached to an email without the sender's knowledge.

Lastly, keep regular backups of all your important data. Despite your best efforts, there is always the risk of a corrupted script running on your system and deploying malware or ransomware. The only real remedy, in this case, is to format your hard disk and start fresh or restore your data from a clean backup. For your most sensitive data, it is good practice to keep a copy in the cloud, or on a physical disk that is not in the same location as, or at least not on the same network as, your primary disk.

My Device Has Been Infected. What Do I Do Now?

A lot of software available online claims to be able to decrypt files affected by ransomware. While some may indeed be effective at detecting and removing malware, it is nearly impossible to recover encrypted files without an encryption key. Your best option is to format your disk and start from scratch or restore your data from a backup that you know to be clean of any malware. Even the smallest remnant of malware can replicate itself and infect an entire system again. Under no circumstances should you ever reach out to the attackers or pay any ransom. Bitcoin transactions are untraceable, and as such, the attackers feel no obligation to keep up their end of the deal. The more likely scenario is that the attackers either disappear after being paid or request more money once they have your attention. You might even open yourself up to other attacks by communicating with the attackers.
