
LittleFinger Ransomware

By GoldSparrow in Ransomware

PC security researchers first observed the LittleFinger Ransomware, a ransomware Trojan, in the final week of May 2018. On the surface, there is very little to differentiate the LittleFinger Ransomware from the many other encryption ransomware Trojans, although researchers have observed aspects of its code that make it somewhat unusual. The LittleFinger Ransomware was observed on a public analysis platform, and it is possible that it is still unfinished and under development.

How a Little Finger can Prevent You from Accessing Your Files

An initial analysis seems to indicate that the LittleFinger Ransomware may be a variant of HiddenTear, an open source ransomware platform that was initially released in August 2016. However, studying the LittleFinger Ransomware's code, security analysts have noted that several portions of it differ significantly from HiddenTear. Because of this, there is a possibility that the LittleFinger Ransomware is a custom ransomware Trojan that uses some portions of HiddenTear in its implementation. The LittleFinger Ransomware encrypts the victim's files with a strong encryption algorithm and adds the string '0x3737451845184518' to each affected file's header. Examples of the files that are commonly compromised in a LittleFinger Ransomware attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx.
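The header marker described above can be used to triage which files on a volume were touched before restoring from backup. The following is an added example, not part of the original report or of any vendor tool; how the marker is laid out on disk and the 64-byte header window are assumptions, so it checks the ASCII string and both raw byte orders, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

# Marker value as quoted in the report; its on-disk encoding is an assumption.
MARKER_HEX = "3737451845184518"
CANDIDATES = {
    "ascii": b"0x" + MARKER_HEX.encode("ascii"),
    "raw-be": bytes.fromhex(MARKER_HEX),
    "raw-le": bytes.fromhex(MARKER_HEX)[::-1],
}
HEADER_WINDOW = 64  # assumed: number of leading bytes treated as the header

def marker_kind(header: bytes):
    """Return which encoding of the marker appears in the header, or None."""
    for kind, needle in CANDIDATES.items():
        if needle in header[:HEADER_WINDOW]:
            return kind
    return None

def scan_tree(root: str):
    """Walk root and return sorted (relative path, kind) for flagged files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = marker_kind(fh.read(HEADER_WINDOW))
            except OSError:
                continue  # locked or unreadable file: skip, keep triaging
            if kind:
                hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)

def demo():
    """Write constructed sample files to a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.docx": b"PK\x03\x04" + b"\x00" * 40,       # clean ZIP header
            "photo.jpg": CANDIDATES["raw-be"] + b"\xaa" * 32,  # constructed hit
            "notes.txt": CANDIDATES["ascii"] + b"\x9a\x11",    # constructed hit
            "late.pdf": b"%PDF-1.4" + b"A" * 100 + CANDIDATES["raw-be"],  # outside window
        }
        for name, data in samples.items():
            (Path(root) / name).write_bytes(data)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A hit only shows that the byte pattern is present near the start of a file; confirm against a known-encrypted sample from the affected host before using the result to decide what to restore.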

The LittleFinger Ransomware delivers its ransom note in a small executable file named 'mpsigeng.exe'. The LittleFinger Ransomware's encryption method is quite strong, and it is not currently possible to restore the files compromised by a LittleFinger Ransomware attack. The executable file mentioned above starts automatically when Windows boots and displays the following message on the victim's computer, demanding the payment of 0.01 Bitcoin in exchange for the decryption key:

'YOUR FILES ARE ENCRYPTED YOU FINGERPRINT: [RANDOM CHARACTERS]
SEND 0.01 BTC to address: 1LjKnoJed8f6tiF4QwuHUD6EUMwcRVp9oY
SEND TRANSACTIONID AND FINGERPRINT to decryptmefinger@gmail.com
YOU RECEIVE DECRYPTOR INBOX'

There is no guarantee that paying the LittleFinger Ransomware ransom, or contacting the criminals via the email address included in the ransom note, will end well. Once the criminals get the money, they do not need to keep their part of the deal. Also, public email addresses, such as Gmail, are rarely used in these attacks, since Google, Microsoft, or other public email providers will shut them down after their link to threats like the LittleFinger Ransomware is revealed. Besides this, it is highly likely that by the time this report is published, the ransom note included in the sample above may have been changed.

Protecting Your Data from Threats Like the LittleFinger Ransomware

If your files have been compromised by a threat like the LittleFinger Ransomware, it is recommended that you restore your files from a backup. Since the LittleFinger Ransomware enciphers the files using a highly effective method, these files cannot be recovered except with the decryption key or from file backups, and backups are the primary way in which computer users can thwart threats like the LittleFinger Ransomware and keep their data safe. Apart from file backups, malware researchers advise computer users to use a strong anti-malware program that is fully up-to-date to prevent threats like the LittleFinger Ransomware from being installed.
