AMJIXIUS Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 1
First Seen: February 8, 2021
Last Seen: February 8, 2021
OS(es) Affected: Windows
The AMJIXIUS Ransomware is a file-locking Trojan that keeps files from opening so that the victim pays a ransom. Users can recover through backups after disinfection. Ideally, most anti-malware services will remove the AMJIXIUS Ransomware from Windows systems safely.
Convenient Programming Tools Put to Selfish Uses
Across the threat landscape, Microsoft's .NET Framework regularly serves as the foundation for Trojans. This is especially true of file-locking Trojans, like the Makop Ransomware family, the CryptoJoker Ransomware from GitHub and the 'new kid in the class', the AMJIXIUS Ransomware. While it's not a relative of any previous threat, readers could mistake it for most file-locker Trojans, thanks to its standard features.
Because it requires the .NET Framework, the AMJIXIUS Ransomware only targets Windows environments. Its foundational feature blocks files with an encryption routine of currently-unknown strength, which converts documents, pictures and similar media into unreadable data. As markers of the change, the AMJIXIUS Ransomware also appends an extension: the attacker's e-mail (in brackets), the victim's random ID number (in brackets, as well), and the 'AMJIXIUS' string, which bears no known etymological significance.
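A triage sketch for responders built on the file-name marker described above, added here as an example and not taken from the original page or any vendor tool. The page gives only the parts and their order, so the bracket style and separators are assumptions, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# ASSUMPTION: exact punctuation is not documented on the page, so any bracket
# style and the usual separators are accepted between the three parts.
OPEN, CLOSE, SEP = r"[\[({]", r"[\])}]", r"[.\s_-]*"
FULL = re.compile(
    rf"^(?P<original>.+?){SEP}"
    rf"{OPEN}(?P<email>[^\s@\[\](){{}}]+@[^\s@\[\](){{}}]+){CLOSE}{SEP}"
    rf"{OPEN}(?P<victim_id>[^\[\](){{}}]+){CLOSE}{SEP}"
    r"AMJIXIUS$",
    re.IGNORECASE,
)
# Fallback: the name ends in the marker string but the bracketed parts are missing.
TAIL = re.compile(rf"^(?P<original>.+?){SEP}AMJIXIUS$", re.IGNORECASE)

def parse_marker(path):
    """Return the marker fields for one path, or None if the name is unmarked."""
    name = PureWindowsPath(path).name
    m = FULL.match(name)
    if m:
        return {**m.groupdict(), "complete": True}
    m = TAIL.match(name)
    if m:
        return {"original": m["original"], "email": None,
                "victim_id": None, "complete": False}
    return None

def triage(paths):
    """Count hits per victim ID, list original paths to restore, flag partial matches."""
    by_id, restore, partial = Counter(), [], []
    for p in paths:
        hit = parse_marker(p)
        if hit is None:
            continue
        restore.append(str(PureWindowsPath(p).with_name(hit["original"])))
        if hit["complete"]:
            by_id[hit["victim_id"]] += 1
        else:
            partial.append(p)  # marker string only: review by hand
    return by_id, sorted(restore), partial

# Constructed sample listing (not real indicators).
SAMPLE = [
    r"C:\Users\demo\Documents\report.docx.[attacker@example.invalid].[A1B2C3D4].AMJIXIUS",
    r"C:\Users\demo\Pictures\photo.jpg.[attacker@example.invalid].[A1B2C3D4].AMJIXIUS",
    r"C:\Users\demo\Desktop\budget.xlsx.AMJIXIUS",
    r"C:\Users\demo\Desktop\notes.txt",
]
```

The restore list gives the pre-encryption paths to pull from backup, and more than one victim ID in the counts suggests more than one run of the Trojan on the same machine or share.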
The AMJIXIUS Ransomware also creates HTA pop-ups that alert victims to their plight and introduce some more details of the ransom demands. The threat actor provides free decryption for up to five 'test' files, but users should be careful when opening any returned files, which may not be the promised media.
Current versions of the AMJIXIUS Ransomware don't display some of the more threatening features of Trojans of this ilk, such as disabling security features or wiping the Restore Points. However, these functions are easy additions, and users shouldn't presume on their PCs' safety, even after the encryption attack finishes.
Staying Out of the Planned Framework of Trojans Who Break Files
Most users can quash most risks from file-locker Trojans by routinely saving their backups on other devices. Appropriate locations for a backup can include a protected cloud service or a fully-removable device such as a flash drive. Free decryption is rare among Trojans, which use easily-secured locking features. Still, users might submit samples to appropriate research entities so that they can investigate developing an unlocking solution.
For now, malware researchers can't confirm live infections or any associated installation exploits. Attackers might circulate the AMJIXIUS Ransomware through misleading e-mail attachments like fictitious invoices or use less-targeted means, such as torrents. Brute-forcing a target's weak passwords or abusing out-of-date software vulnerabilities also are possibilities for Trojans' campaigns.
Since this Trojan carries no significant camouflage, most Windows security products that detect threats will flag, block and isolate or remove the AMJIXIUS Ransomware, as is appropriate.
Easy programming is a moral quandary for some coders. The AMJIXIUS Ransomware is the product of one who settled for ransoms instead of a more useful output of his or her talents – but, hopefully, his wallet won't see any funds.