Afrodita Ransomware Description
Most authors of ransomware tend to propagate their creations as far and as wide as they possibly can. However, this is not always the case. Some threat actors who distribute ransomware prefer to concentrate their efforts on fewer, higher-value targets. This appears to be the case with the recently spotted file-locking Trojan called the Afrodita Ransomware.
Propagation and Encryption
The authors of the Afrodita Ransomware have opted to target companies operating in Croatia exclusively. The Afrodita Ransomware is propagated via phishing emails that pair a fraudulent message, built on various social engineering tricks, with a corrupted attachment that at first glance appears to be nothing more than a regular spreadsheet. However, the spreadsheet is macro-laced, which means that if the intended target launches the file, the payload of the Afrodita Ransomware will be downloaded and executed. Next, the Afrodita Ransomware will locate all the file types it was programmed to target, and once this phase of the attack has been completed, the threat will begin the encryption process.
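A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it parses a raw message and flags spreadsheet attachments that carry a VBA macro project. The function names, the sample file names and the constructed test message are assumptions for illustration, and the OLE2 check is a byte-pattern heuristic rather than a full parser.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .xls container header
VBA_UTF16 = "_VBA_PROJECT".encode("utf-16-le")   # OLE2 directory names are UTF-16LE
SHEET_EXTS = (".xls", ".xlsx", ".xlsm", ".xlsb")

def macro_reason(data: bytes):
    """Return why a workbook looks macro-bearing, or None."""
    if data.startswith(OLE2_MAGIC):
        return "OLE2 workbook with VBA storage" if VBA_UTF16 in data else None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "OOXML workbook with vbaProject.bin"
    except zipfile.BadZipFile:
        pass  # neither OLE2 nor a ZIP-based workbook
    return None

def flag_attachments(raw: bytes):
    """List (filename, reason) for spreadsheet attachments that carry macros."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(SHEET_EXTS):
            reason = macro_reason(part.get_payload(decode=True) or b"")
            if reason:
                hits.append((name, reason))
    return hits

def build_sample() -> bytes:
    """Constructed test message: one clean workbook, one with a VBA part."""
    def workbook(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for p in parts:
                z.writestr(p, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("See attached.")
    for fname, parts in (("clean.xlsx", ["xl/workbook.xml"]),
                         ("invoice.xlsm", ["xl/workbook.xml", "xl/vbaProject.bin"])):
        msg.add_attachment(workbook(parts), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `flag_attachments(build_sample())` reports only the macro-bearing workbook; flagged attachments can then be quarantined or stripped before delivery.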
The Ransom Note
When the Afrodita Ransomware has locked all the targeted files successfully, the threat will drop a ransom note on the user’s desktop. The note is named ‘__README__ENCRYPTED__AFRODITA__.txt’. The message from the authors of the Afrodita Ransomware is rather short and to the point. Instead of explaining to the users that they have become victims of a ransomware attack, the creators of the Afrodita Ransomware simply link them to a Tor-based page where they can get in touch with the attackers. The authors of this nasty Trojan do not mention a specific ransom fee, but it is likely that they will demand no less than several hundred dollars in exchange for a decryption key.
It is best to avoid contacting cybercriminals, as there is a very slim chance that they will keep the promises they make to you. Many victims of data-encrypting Trojans like the Afrodita Ransomware never receive the decryption key they need, despite paying the ransom fee. This is why you should consider trusting a reputable anti-virus software suite to clear your system of the Afrodita Ransomware once and for all.