
ALLRIGHTY Ransomware

By GoldSparrow in Ransomware

The ALLRIGHTY Ransomware is a rather peculiar Trojan that made its debut on January 3rd, 2019. It is non-standard ransomware distributed primarily via pirated software, fake Web browser updates and spam emails. PC security researchers warn that the ALLRIGHTY Ransomware has no encryption capabilities and only drops a ransom note. So far, there are no reports of infected systems having data encrypted by the ALLRIGHTY Ransomware. The ALLRIGHTY Ransomware has been observed to infiltrate computers and create a folder under the Temp folder, which is used to store an executable file with a random name. The Trojan loads the file into system memory and collects generic information about the machine, such as the IP address, keyboard layout, active username and monitor size. The system information is sent to its command servers, and the Trojan drops a ransom note titled 'ransom_file.txt' on the desktop before deleting itself from the local drive. The ALLRIGHTY Ransomware produces a short message that reads:

'ALLRIGHTY! TIME TO DO SOME EVIL STUFF!!!!!!!
Yeah... OK... so... We spent too much time developing these advanced anti-analysis techniques,
we got too tired to actually implement any payload...
So, do us a favour and just imagine all your files are encrypted...,
and send us some bitcoin to Ox1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa ^_^
Regards,
Your caring malware authors.'

Cybersecurity experts note that the ALLRIGHTY Ransomware does not appear to be sophisticated and that it does not tamper with the Shadow Volume Services on Windows. Hence, affected PC users should not expect problems recovering files or using the System Restore points they have created. Note that the ALLRIGHTY Ransomware may receive major improvements in the coming months, so you should install a reliable backup service. AV engines support detection rules for the ALLRIGHTY Ransomware and mark related resources with the following names:

Gen:Heur.Ransom.REntS.Gen.1
JokeProgram ( 0051c2691 )
Malware.Undefined!8.C (CLOUD)
Malware@#dcjh5k9kffc6
RiskTool.Agent.nr
Riskware/PUP_XDF
TROJ_GEN.R020C0PA319
Tool.Agent.Win32.17080
Trojan.GenericPMF.S1658473
Trojan.Win32.Joke.15872
Trojan.Win32.Rents.4!c
Win32/Hoax.Agent.NAK
malicious_confidence_60% (D)
malware (ai score=99)
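
Because the Trojan deletes itself after running, the dropped note is the main artifact left on disk. The following triage script is an added example, not part of the original write-up or any vendor tooling: it checks each user profile's Desktop for 'ransom_file.txt' and confirms the content against phrases from the note quoted above. The function names, the `<root>/<user>/Desktop` layout and the sample tree are assumptions constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

NOTE_NAME = "ransom_file.txt"  # note file name given in the write-up
# Phrases copied from the note text quoted in the write-up
NOTE_MARKERS = ("allrighty! time to do some evil stuff",
                "just imagine all your files are encrypted")

def classify_note(path):
    """'match' if every marker phrase is present, else 'name-only'."""
    data = path.read_bytes()[:65536]  # the note is tiny; cap the read
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
    # Collapse whitespace so different line wrapping still matches
    flat = " ".join(data.decode(enc, errors="replace").split()).lower()
    return "match" if all(m in flat for m in NOTE_MARKERS) else "name-only"

def scan_profiles(profiles_root):
    """Check each profile's Desktop for the note; return (user, verdict)."""
    findings = []
    for profile in sorted(Path(profiles_root).iterdir()):
        desktop = profile / "Desktop"
        if not desktop.is_dir():
            continue
        for entry in desktop.iterdir():
            # Compare case-insensitively: a mounted disk image may sit
            # on a case-sensitive filesystem
            if entry.is_file() and entry.name.lower() == NOTE_NAME:
                findings.append((profile.name, classify_note(entry)))
    return findings

def build_sample_tree(root):
    """Constructed test data: three fake profiles under root."""
    note = ("ALLRIGHTY! TIME TO DO SOME EVIL STUFF!!!!!!!\n"
            "So, do us a favour and just imagine all your files\n"
            "are encrypted...,\n")
    layout = {"alice": ("ransom_file.txt", note.encode("utf-16")),
              "bob": ("Ransom_File.txt", b"shopping list"),
              "carol": ("notes.txt", note.encode())}
    for user, (name, content) in layout.items():
        desktop = Path(root) / user / "Desktop"
        desktop.mkdir(parents=True)
        (desktop / name).write_bytes(content)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(scan_profiles(sys.argv[1]))  # e.g. C:\Users or a mounted image
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            print(scan_profiles(tmp))
```

A 'name-only' verdict means a file with the note's name exists but its text differs from the quoted note, so it needs manual review rather than being treated as a confirmed hit.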
