
AMJIXIUS Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 1
First Seen: February 8, 2021
Last Seen: February 8, 2021
OS(es) Affected: Windows

 The AMJIXIUS Ransomware is a file-locking Trojan that blocks files from opening so that the victim will pay a ransom for them. Users can recover from backups after disinfecting the system. Most anti-malware services should remove the AMJIXIUS Ransomware from Windows systems safely.

Convenient Programming Tools Put to Selfish Uses

Across the threat landscape, Microsoft's .NET Framework is a recurring foundation for many Trojans. This is especially true of file-locking Trojans, such as the Makop Ransomware family, the CryptoJoker Ransomware from GitHub and the 'new kid in the class,' the AMJIXIUS Ransomware. While it's not a relative of any previous threat, readers could mistake it for most file-locker Trojans, thanks to its standard feature set.

Because it requires the .NET Framework, the AMJIXIUS Ransomware targets only Windows environments. Its core feature blocks files with an encryption routine of currently-unknown strength, converting documents, pictures and similar media into unreadable data. As a marker of the change, the AMJIXIUS Ransomware appends an extension made up of the attacker's e-mail address (in brackets), the victim's randomly-generated ID (also in brackets) and the 'AMJIXIUS' string, which has no known etymological significance.
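An incident responder's first question is usually "which files were hit, and what contact address and victim ID did the attacker leave behind?" The following triage script is an added example written for this page, not code from the Trojan or from any vendor tool. It assumes the marker layout described above with dots as separators and square brackets around the e-mail and ID (the page gives the pieces and their order, not the exact separators), and the file listing it runs on is constructed for illustration:

```python
import re
from pathlib import Path, PureWindowsPath

# Assumed layout of the appended marker (pieces and order from the page,
# separators assumed): <original name>.[<e-mail>].[<victim ID>].AMJIXIUS
MARKER_RE = re.compile(
    r"^(?P<original>.+?)"
    r"\.\[(?P<email>[^\]\s]+@[^\]\s]+)\]"
    r"\.\[(?P<victim_id>[^\]\s]+)\]"
    r"\.AMJIXIUS$",
    re.IGNORECASE,
)


def parse_marker(name):
    """Return {'original', 'email', 'victim_id'} for a name carrying the marker, else None."""
    m = MARKER_RE.match(name)
    return m.groupdict() if m else None


def triage(paths):
    """Split a list of paths into locked files (with the extracted fields) and untouched ones."""
    locked, clean = [], []
    for p in paths:
        # PureWindowsPath splits on both '\\' and '/', so this works on any analysis host.
        rec = parse_marker(PureWindowsPath(p).name)
        if rec:
            rec["path"] = p
            locked.append(rec)
        else:
            clean.append(p)
    return locked, clean


def summarize(locked):
    """Distinct attacker e-mails and victim IDs seen; these are the IOCs worth putting in a ticket."""
    return {
        "count": len(locked),
        "emails": sorted({r["email"] for r in locked}),
        "victim_ids": sorted({r["victim_id"] for r in locked}),
    }


def scan_tree(root):
    """Walk a directory tree on a live host and return only the locked-file records."""
    return triage([str(p) for p in Path(root).rglob("*") if p.is_file()])[0]


# Constructed sample listing for illustration; not a real infection artefact.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.[contact@example.invalid].[7F3A9C21].AMJIXIUS",
    r"C:\Users\alice\Pictures\holiday.jpg.[contact@example.invalid].[7F3A9C21].AMJIXIUS",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Desktop\README.hta",
]

if __name__ == "__main__":
    locked, clean = triage(SAMPLE)
    for rec in locked:
        print(f"LOCKED  {rec['original']:<14} email={rec['email']}  id={rec['victim_id']}")
    for p in clean:
        print(f"clean   {p}")
    print(summarize(locked))
```

Run `scan_tree(r"C:\Users")` on the affected machine (or on a mounted image) to get the same records for real data. The original name is recovered from the marker, so the output doubles as a restore list for the backup step described later on this page.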

The AMJIXIUS Ransomware also creates HTA pop-ups that alert victims to their plight and provide further details of the ransom demands. The threat actor offers free decryption of up to five 'test' files, but users should be careful when opening anything sent back, since the returned files may not be the promised media.
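Before anyone opens a 'decrypted' test file, it is worth checking that its contents actually match the type its name claims. The checker below is an added example for this page, not code from the page's author or from any vendor; the signature table is a small constructed subset of common media headers, and the sample files are fabricated in memory for illustration:

```python
import os

# Leading bytes for a few common media types; a constructed, deliberately small table.
SIGNATURES = {
    ".pdf": [b"%PDF-"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}
# Headers that mean "this is a program", whatever the extension says.
EXECUTABLE_HEADERS = {b"MZ": "Windows PE executable", b"\x7fELF": "ELF executable"}
# Extensions Windows will run or script-host rather than display.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".hta", ".js", ".jse", ".vbs", ".bat", ".cmd", ".ps1"}


def classify(filename, data):
    """Verdict for a returned file: 'ok', 'executable', 'mismatch' or 'unknown-type'."""
    ext = os.path.splitext(filename)[1].lower()
    for header, label in EXECUTABLE_HEADERS.items():
        if data.startswith(header):
            return ("executable", label)
    if ext in EXECUTABLE_EXTS:
        return ("executable", f"program/script extension {ext}")
    expected = SIGNATURES.get(ext)
    if expected is None:
        return ("unknown-type", ext or "(no extension)")
    if any(data.startswith(sig) for sig in expected):
        return ("ok", ext)
    # Header does not match the claimed type: still encrypted, corrupted, or disguised.
    return ("mismatch", ext)


def check_returned(files):
    """files: {name: first bytes}. Groups names by verdict; only 'ok' files should be opened."""
    groups = {"ok": [], "executable": [], "mismatch": [], "unknown-type": []}
    for name, data in files.items():
        verdict, detail = classify(name, data)
        groups[verdict].append((name, detail))
    return groups


def read_header(path, length=16):
    """Read just the leading bytes of a real file; nothing is executed or parsed further."""
    with open(path, "rb") as fh:
        return fh.read(length)


# Constructed sample 'returned' files, not real artefacts.
SAMPLE_FILES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",         # genuine JPEG header
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",               # PE binary named as a PDF
    "report.docx": b"\x1b\x9a\xc4\x02\x7f\x11\x3e\x88",         # still-encrypted junk
    "holiday.jpg.hta": b"<html><script>",                       # script with a media-looking name
    "archive.zip": b"PK\x03\x04\x14\x00",                       # genuine ZIP header
}

if __name__ == "__main__":
    for verdict, items in check_returned(SAMPLE_FILES).items():
        for name, detail in items:
            print(f"{verdict:<12} {name:<18} {detail}")
```

The design choice is to treat an executable header as decisive before looking at the extension: an 'MZ' file called invoice.pdf is the dangerous case, while a genuine document with an odd extension is merely unknown. For real files, pass `{name: read_header(path)}` to `check_returned` instead of the constructed dictionary.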

Current versions of the AMJIXIUS Ransomware don't exhibit some of the more threatening features of Trojans of this type, such as disabling security features or wiping the Restore Points. However, these functions are easy additions, and users shouldn't presume their PCs' safety even after the encryption attack finishes; verifying that Restore Points and Volume Shadow Copies are still present (for example, with vssadmin list shadows) before relying on them is a sensible precaution.

Staying Out of the Planned Framework of Trojans Who Break Files

Most users can quash most risks from file-locker Trojans by saving backups routinely and keeping them on other devices. Appropriate locations for a backup include a protected cloud service or a fully-removable device such as a flash drive. Free decryption is rare for Trojans of this kind, since the encryption they use is easy to implement securely. Still, users might submit samples to appropriate research entities for investigating an unlocking solution's development.

For now, malware researchers can't confirm live infections or any associated installation exploits. Attackers might circulate the AMJIXIUS Ransomware through misleading e-mail attachments such as fictitious invoices, or use less-targeted means such as torrents. Brute-forcing a target's weak passwords or abusing out-of-date software vulnerabilities are also possibilities for Trojans' campaigns.

Since this Trojan carries no significant camouflage, most Windows security products that detect threats should flag, block and isolate or remove the AMJIXIUS Ransomware, as appropriate.

Easy programming is a moral quandary for some coders. The AMJIXIUS Ransomware is the product of one who settled for ransoms instead of a more useful outlet for his or her talents; hopefully, that wallet won't see any funds.
