
ETH Ransomware

The ETH Ransomware is a file-locking Trojan that's part of a Ransomware-as-a-Service family, the Dharma Ransomware (AKA Crysis Ransomware). The ETH Ransomware keeps the user's media files from opening as part of a scheme for extorting money from victims. Users shouldn't pay for recovery without first trying other recovery options and should, in most cases, let anti-malware services handle the removal of the ETH Ransomware.

What Extra Extensions Herald for Someone's Files

With reports of family variants extending back years, few readers should be unaware of the dangers of the Dharma Ransomware family. After tracing campaigns of variants like the Zimba Ransomware, the FREDD Ransomware, the SWP Ransomware, and the GOLD Ransomware, malware analysts confirm another variant. The ETH Ransomware is a fresh reason for any user to back up their files somewhere safe and to update the backup regularly.

The ETH Ransomware endangers Windows users' recreational and work media files by blocking them with an encryption routine. It converts each file's data to an AES-256-encrypted copy, deletes the original and protects the encrypted version with an RSA key. As its name suggests, searching for the 'ETH' extension in file names should turn up every blocked file.
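As an added illustration (this is not code from the original advisory or from the threat's authors), the following Python script shows how a responder can scope the damage described above and check backup coverage at the same time. It assumes, as the advisory's wording suggests, that the Trojan marks each encrypted file by appending an 'ETH' extension to the original name; the case-insensitive match and the sample directory tree are constructed for the demo.

```python
"""Scope files carrying an ETH-style marker extension and check backup coverage.

Added example, not part of the original advisory. Assumption: each encrypted
file keeps its original name with ".ETH" appended (e.g. report.docx -> report.docx.ETH).
"""
import tempfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".ETH"  # assumed marker; matched case-insensitively


def is_marked(path: Path) -> bool:
    """True when the file's last extension is the ETH marker (any letter case)."""
    return path.suffix.upper() == MARKER_EXT


def original_relpath(marked: Path, root: Path) -> Path:
    """Path relative to root with the marker stripped: docs/report.docx.ETH -> docs/report.docx."""
    return marked.relative_to(root).with_suffix("")


def find_marked_files(root: Path) -> list:
    """Walk the tree and return every marked file, sorted for stable reporting."""
    return sorted(p for p in root.rglob("*") if p.is_file() and is_marked(p))


def scope_damage(root, backup_root) -> dict:
    """Build a recovery report: which files are blocked, which exist in the backup.

    Each blocked file is looked up by its original relative path under backup_root,
    so the report separates files that can be restored from files with no backup copy.
    """
    root, backup_root = Path(root), Path(backup_root)
    report = {"encrypted": [], "recoverable": [], "missing_backup": [], "by_type": Counter()}
    for marked in find_marked_files(root):
        rel = original_relpath(marked, root)
        rel_str = rel.as_posix()
        report["encrypted"].append(rel_str)
        report["by_type"][rel.suffix.lower() or "(none)"] += 1
        if (backup_root / rel).is_file():
            report["recoverable"].append(rel_str)
        else:
            report["missing_backup"].append(rel_str)
    return report


def build_demo() -> tuple:
    """Create a constructed sample tree (victim files plus a partial backup) in a temp dir."""
    base = Path(tempfile.mkdtemp(prefix="eth_demo_"))
    root, backup = base / "victim", base / "backup"
    # Constructed victim files: three blocked (one with a lowercase marker), one untouched.
    for rel in ("docs/report.docx.ETH", "photos/holiday.jpg.ETH", "music/song.mp3.eth", "photos/notes.txt"):
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample data")
    # Constructed backup: covers two of the three blocked files.
    for rel in ("docs/report.docx", "photos/holiday.jpg"):
        p = backup / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed backup copy")
    return root, backup


if __name__ == "__main__":
    victim_root, backup_root = build_demo()
    result = scope_damage(victim_root, backup_root)
    print(f"blocked files: {len(result['encrypted'])}")
    print(f"restorable from backup: {result['recoverable']}")
    print(f"no backup copy: {result['missing_backup']}")
    print(f"affected file types: {dict(result['by_type'])}")
```

Pointing `scope_damage` at a real share and its backup location gives a list of what can be restored immediately and what cannot, which is the information needed before deciding whether any other recovery route is worth pursuing.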

The ETH Ransomware's family uses a conventional HTA (HTML Application) template for a ransom note, which sells the user's files back to them by offering a premium decryption service. As a further precaution, the threat also can destroy the Restore Points. Windows users' best hopes of restoring their work are having files backed up to a removable drive, a cloud service, or another secure location.

Keeping Your Files from Being in a Lose-Lose Position

Users who pay the ETH Ransomware's ransom might not receive a decryption service, or might experience glitches with recovery; Ransomware-as-a-Service operations are notably unreliable. Although a free decryptor exists for the ETH Ransomware's family, its age makes it unlikely to remain compatible with the current encryption routine. Users' best hopes of restoring their work involve not putting their files in danger in the first place.

Current patterns in infection methods suggest that most users will expose their PCs through unsafe Web-browsing habits. Errors worth avoiding include, but aren't limited to:

  • Using weak passwords that attackers might brute-force
  • Not applying security patches to software, especially office suites, browsers and Web development platforms
  • Leaving features such as RDP, macros, Flash, or JavaScript enabled
  • Downloading illegal content, such as game cracks or copyrighted media
  • Downloading updates from non-official websites

Both businesses and home users can be equally inconvenienced by the ETH Ransomware's encryption feature. Fortunately, most Windows anti-malware services can contain and delete the ETH Ransomware and its family members without much trouble.

Ransomware-as-a-Service operations keep running until they run out of customers, consenting or otherwise. Every ransom paid into the ETH Ransomware's Bitcoin wallet may or may not recover some files, but it always promises more attacks to come.
