AsuraHTTP

By GoldSparrow in Trojans

AsuraHTTP is a botnet, a network of computer devices infected with a bot Trojan that are used in coordination to carry out a variety of malware attacks. AsuraHTTP can be used to carry out DDoS attacks, mine cryptocurrency or deliver banking Trojans. Malware analysts have linked AsuraHTTP to a ransomware tactic in particular, based on the Dharma Ransomware.

How the AsuraHTTP Botnet Affects Your Files

AsuraHTTP seems to be based on a previously known botnet called LiteHTTP; both use similar attacks and are coded in C++. The AsuraHTTP botnet has been linked to test versions of ransomware Trojans that use AES and RSA encryption to make victims' files inaccessible. The AsuraHTTP ransomware component includes ransom notes written in eight languages (Chinese, Russian, English, Italian, Spanish, Arabic, Japanese, and Portuguese), hinting at the ambitious nature of the AsuraHTTP attacks. The following is the English version of the AsuraHTTP ransom note:

'All your files have been encrypted!
What Happened to My Computer? Your important files are encrypted.
Many of your documents, photos, videos, databases, and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.
Nobody can recover your files without our decryption service.
Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time, if you want to decrypt all your files, you agreed to pay.
You only have 4 days to submit the payment. After that the price will be doubled.
Also, if you don't pay in 7 days, you won't be able to recover your files forever.
How Do I Pay?
Payment is accepted in Bitcoin only.
Send the correct amount of Bitcoin to the address specified in this window.
Once the payment is sent, the program start decrypting your files immediately.
We strongly recommend you to not remove This software, and disable your anti-virus for a while, until you pay and the payment gets processed.
If your anti-virus gets updated and removes this software automatically, it will not be able to recover your files even if you pay.
[7 days countdown timer] [BTC amount] [BTC address] [Copy|BUTTON]'

Like most ransomware Trojans, the AsuraHTTP ransomware is distributed using common threat-delivery methods. The AsuraHTTP botnet targets user-generated files, which may include files with the following file extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Mitigating the AsuraHTTP Attacks and Ransomware

The AsuraHTTP botnet relies on compromising devices, which then become bots in its network. This is why reliable security software and strong security measures should be in place preemptively, to prevent computers from becoming infected and adding to the power and reach of the AsuraHTTP botnet. As with most ransomware Trojans, the best protection against AsuraHTTP's ransomware component is to have backup copies of all files and store these in a safe, out-of-reach location.
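The backup advice above can be checked mechanically. The following is an added example, not part of the original article: it audits whether every file with a targeted extension has an identical copy in a backup tree. The function names, the extension subset and the temporary sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Subset of the extensions listed in this article; extend it with the full list as needed.
TARGETED_EXTENSIONS = {".jpg", ".png", ".psd", ".sql", ".docx", ".xlsx",
                       ".pdf", ".txt", ".qbw", ".zip"}

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_backup(source_root, backup_root, extensions=TARGETED_EXTENSIONS):
    """Return relative paths of at-risk files that are missing from, or differ in, the backup."""
    report = {"missing": [], "differs": []}
    for folder, _dirs, files in os.walk(source_root):
        for name in files:
            # Extension match is case-insensitive (photo.JPG counts as .jpg).
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            source_path = os.path.join(folder, name)
            relative = os.path.relpath(source_path, source_root)
            backup_path = os.path.join(backup_root, relative)
            if not os.path.isfile(backup_path):
                report["missing"].append(relative)
            elif sha256_of(source_path) != sha256_of(backup_path):
                # Either the backup is stale or the source file has been altered.
                report["differs"].append(relative)
    report["missing"].sort()
    report["differs"].sort()
    return report

def demo():
    """Audit a constructed source/backup pair created in temporary directories."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as bak:
        samples = {"report.docx": b"q3 numbers", "photo.JPG": b"\xff\xd8",
                   "notes.txt": b"v2", "tool.exe": b"MZ"}
        for name, data in samples.items():
            with open(os.path.join(src, name), "wb") as handle:
                handle.write(data)
        for name, data in {"report.docx": b"q3 numbers", "notes.txt": b"v1"}.items():
            with open(os.path.join(bak, name), "wb") as handle:
                handle.write(data)  # notes.txt is a deliberately stale copy
        return audit_backup(src, bak)

if __name__ == "__main__":
    print(demo())
```

Run the audit against a mounted copy of the backup, and detach the backup again afterwards so it stays out of reach of an infected machine.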
