Armageddon Ransomware
Recently, malware experts happened upon a new ransomware threat. This file-encrypting Trojan appears to be based on the HiddenTear Ransomware – an open source ransomware project.
It is not known exactly what propagation method is employed in spreading the Armageddon Ransomware, but it is speculated that some of the methods used may be fraudulent software updates, corrupted pirated applications and spam email campaigns. When a machine is infiltrated by the Armageddon Ransomware, it would be scanned with the end goal of locating the files, which will be encrypted in the next step of the attack. Once that is done, the encryption process will be executed. The Armageddon Ransomware alters the names of the files it locks.
When the encrypting of the data is completed, the Armageddon Ransomware launches a pop-up window, which serves as a ransom note. In the ransom message, the attackers state that they would like to receive $100 or €100 in the shape of BTC. There is also a countdown – the authors of the Armageddon Ransomware claim that unless the victim pays within 24 hours, the attackers will delete the decryption key that the user needs to unlock their data permanently. If they do as they claim, the victim will lose their files forever. The attackers provide the user with an email address – darkday@mailnator.com. The authors of the Armageddon Ransomware have copied the pop-up window of the widely popular WannaCryptor Ransomware, which was one of the most notorious threats plaguing the Internet in 2018.
Since the Armageddon Ransomware is based on the HiddenTear project, there may be a chance that the victims would be able to unlock their files for free using the publicly available decryption tool. However, this is not 100% certain as cybercriminals often alter the code of the threat slightly, which may mean that there is a chance that the free decryption tool may not be helpful in the case of the Armageddon Ransomware.
It is crucial that you download and install a reputable anti-virus suite, which will keep you safe from threats like the Armageddon Ransomware.
