Contact Ransomware

Contact Ransomware Description

The Contact Ransomware is a file-locking Trojan of a currently indeterminate lineage. The Contact Ransomware attacks the user's files by blocking them with encryption and keeps them as hostages for its ransom demands. Most anti-malware products will remove the Contact Ransomware or block its installers, and maintaining backups can circumvent the extortion from its attacks.

Making Contact with Programs Offering Undesirable Features

By volume, the file-locking Trojan industry is the playing field of Ransomware-as-a-Service operations, large 'private' families and updates of past Trojans. Even so, the ancestry of these threats isn't always clear-cut. One example is the Contact Ransomware, a recently caught file-locker Trojan.

The Contact Ransomware is a Windows program and conceals its identity from security services, albeit ineffectually, with UPX packing. The features that malware experts can confirm are somewhat sparse but adequate for monetizing the victimization of the user's digital media:

• The Contact Ransomware encrypts documents, images, music and other media (stopping them from opening)

• The Contact Ransomware renames the encrypted files with a set of random characters and a second, unique extension with a contact address

• The Contact Ransomware generates a custom ransom note as a Web page with instructions for buying the file decryption or unlocking solution

According to its ransom note, the Contact Ransomware might be a new release of the Makop Ransomware family. On the other hand, not all Trojans are honest with their instructions or identity. A well-known PC security researcher currently estimates that the Contact Ransomware is a variant of the even more obscure MauriGo Ransomware. For their part, malware experts have no definite conclusion.

Family aside, the Contact Ransomware still locks files and makes them unusable, and its promise of an unlocker in exchange for a ransom may go unfulfilled.

Breaking Ties with New Trojan Industry

As the Contact Ransomware makes contact with new victims, Windows users should have sufficient protection to make its attacks moot. Most backups saved to other devices will prevent the Contact Ransomware from gaining access to those files and encrypting or wiping them. Although it's not yet knowable whether the Contact Ransomware deletes local backups, most file-locking Trojans with almost identical features will do so, or encrypt them, too.

Besides having backups, users also should watch for the archetypal infection exploits in vogue with file-locking Trojans' campaigns. E-mail tactics such as attached invoices or resumes running macro exploits are a favorite among threat actors. Malware researchers also suggest users avoid illicit and piracy-related downloads, patch their software, and turn off needlessly threatening features like JavaScript. Password security also is essential for all users but server administrators especially.

While it's new, most security services will detect this threat. Users can delete the Contact Ransomware while scanning their PC with any dedicated anti-malware tool, even if unlocking files is beyond them.

The Contact Ransomware has hints worth following on its development, but more stories might or might not be forthcoming. Rather than waiting to see what happens, anyone with a Windows PC should have the protections in place for guaranteeing a happy ending.
