The Namaste Ransomware is a file-locking Trojan that compromises Windows systems and blocks their media files by encrypting them. Users should protect themselves against attacks by saving backups to traditionally-safe locations and ignoring the ransoming pop-up alert. Most anti-malware products also delete the Namaste Ransomware and similar threats without any difficulty.
Greetings from Threats with Nothing Good to Say
As an industry, file-locking Trojans are almost entirely dominated by Ransomware-as-a-Service families and free-built Trojans, such as the Xorist Ransomware or Hidden Tear. There are occasional stand-outs that act as lone entities, though, such as the Namaste Ransomware. This Windows threat asks for some of the smallest ransoms ever, although malware researchers warn that its data-blocking attacks are no joke.
The Namaste Ransomware shows some of the standard elements of less-unique threats: it's compatible with Windows systems and includes a .NET Framework dependency. Its signature attack is the currently-unanalyzed encryption routine, with which it blocks media files, such as the user's text documents, pictures, music, or movies. The Trojan also adds an extension ('_.enc') to these files, a format very similar to that of Brazil's WannaPeace Ransomware, although the older program excludes the period.
The Namaste Ransomware's name may refer to a traditionally-Hindi greeting, but its pop-up alert that bears the ransom demand caters to English-speaking Europeans. This pop-up asks for only ten Euros (roughly eleven USD) and directs victims to a website for unlocking their files. Since this fee is extraordinarily cheap, malware experts anticipate the campaign's using bulk-style distribution exploits, such as torrents, malvertising (corrupted Web advertisements), or Exploit Kits that take advantage of passively-existing software vulnerabilities in the user's browser.
The Subtle Side of a Multicultural Trojan
The Namaste Ransomware asserts that a reboot makes decryption of the user's files impossible. While malware analysts can't confirm the claim, Trojans frequently do not retain essential encryption keys after a reboot – especially in less-professional cases, like this one. Users should always have backups for restoring any work and not depend too much on local, vulnerable copies of their files.
The Namaste Ransomware also has some other effects that can harm users' security or control over their networks. Notably, it deletes intranet and proxy-related settings in the Windows Registry. Malware experts also confirm that it hijacks the user's wallpaper by replacing it with a stereotypical Anonymous (a decentralized hacker-activist group) image.
Despite its being an original program, there are significant similarities between the Namaste Ransomware and other Windows-derived file-locker Trojans. Most current cyber-security programs will treat it as a threat and remove the Namaste Ransomware from compromised systems as soon as possible.
Besides some coincidental confusion with past attacks, the Namaste Ransomware offers little that's new to the threat landscape. Still, encryption requires no innovation for hurting others' files, and anyone on Windows without a recovery plan could become part of this Trojan's trickle of Euros.