
AresCrypt Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the AresCrypt Ransomware, an encryption ransomware Trojan, in February 2018. Attacks involving the AresCrypt Ransomware have been spotted as recently as July 2018. The AresCrypt Ransomware does not seem to be part of a larger family of ransomware and seems to be an independent threat that is publicly available for any criminal to use in attacks.

A Greek God of War that can Attack your Files

The main purpose of threats like the AresCrypt Ransomware is to encrypt the victims' files, taking them hostage, and then to demand a ransom payment in exchange for restoring the files to their normal state. The AresCrypt Ransomware is delivered to victims' computers through corrupted email attachments, often in the form of PDF or DOCX files that use embedded macro scripts to download and install the AresCrypt Ransomware onto the victim's computer. Once installed, the AresCrypt Ransomware uses RSA and AES encryption to make the victim's files inaccessible. Unfortunately, the AresCrypt Ransomware uses an encryption method that is quite strong, and the files encrypted by its attack will be lost permanently. The AresCrypt Ransomware targets all user-generated files stored on any local drives and shared network directories accessible from the infected computer. Threats like the AresCrypt Ransomware target certain file types in their attacks, which include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The AresCrypt Ransomware carries out its attack from its Command and Control servers. The AresCrypt Ransomware renames any files compromised during the encryption process, often adding random characters as file extensions to the affected files. The AresCrypt Ransomware is capable of detecting when it is being run in a sandbox or virtual environment (of the sort used by PC security researchers to study threats like this) and will change its behavior if this is the case. After the victim's computer has been compromised, the AresCrypt Ransomware demands a ransom payment, which it accepts in a variety of digital currencies, including Bitcoin and Litecoin.
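
The rename behavior described above gives defenders something to watch for in file listings or file-server audit logs. The following is an added example, not code from the original article or from any vendor tool: a heuristic that flags directories where several files carry a targeted extension followed by an extra random-looking suffix. It assumes the random characters are appended after the original extension and are 4 to 10 alphanumeric characters long; the function names, the threshold and the sample paths are all constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Subset of the targeted extensions listed in the article above.
TARGETED = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".pptx", ".jpg", ".png",
            ".zip", ".bak", ".backup", ".sql", ".pst", ".txt", ".csv"}
# Assumption: the appended suffix is 4-10 alphanumeric characters.
RANDOM_SUFFIX = re.compile(r"^\.[A-Za-z0-9]{4,10}$")

def appended_suffix(name):
    """Return the trailing suffix if name looks like
    <file>.<targeted ext>.<random suffix>, otherwise None."""
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return None
    original, last = suffixes[-2].lower(), suffixes[-1]
    # A trailing extension that is itself a known type (db.sql.bak) is benign.
    if original in TARGETED and last.lower() not in TARGETED \
            and RANDOM_SUFFIX.match(last):
        return last
    return None

def scan(paths, min_hits=3):
    """Group suspicious renames by directory and return only directories
    with at least min_hits of them, which filters out one-off lookalikes
    such as partial downloads."""
    hits = {}
    for p in paths:
        wp = PureWindowsPath(p)
        if appended_suffix(wp.name):
            hits.setdefault(str(wp.parent), []).append(wp.name)
    return {d: names for d, names in hits.items() if len(names) >= min_hits}

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.q8Zt1",
    r"C:\Users\ana\Documents\report.docx.q8Zt1",
    r"C:\Users\ana\Documents\scan.pdf.q8Zt1",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Documents\db.sql.bak",
    r"C:\Users\ana\Downloads\setup.zip.part",
]

if __name__ == "__main__":
    for directory, names in scan(SAMPLE).items():
        print(f"{directory}: {len(names)} suspicious renames -> {names}")
```

A hit from this heuristic is a reason to isolate the host and check backups, not proof of infection; tune the suffix pattern and threshold to the environment being monitored.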

Protecting Your Data from Threats Like the AresCrypt Ransomware

Currently, no campaign is actively distributing the AresCrypt Ransomware, although it is publicly available for anyone to use. Computer users should take precautions to ensure that their data is safe from threats like the AresCrypt Ransomware, especially given the rise in the number of these attacks that occurred in 2018. The best protection against threats like the AresCrypt Ransomware is to have file backups. Computer users are also advised to treat unsolicited email attachments with caution, since this is the main way in which threats like the AresCrypt Ransomware are distributed.
