
Solaso Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: December 15, 2012
Last Seen: October 15, 2021
OS(es) Affected: Windows

The Solaso Ransomware is a file-locking Trojan that may be a variation of the Encrp Ransomware. Its attacks are almost identical to those of the earlier Trojan, including encrypting the user's media files so that they can no longer be opened. Users should withhold ransoms whenever possible and let professional cyber-security programs safely remove the Solaso Ransomware from compromised systems.

Words from Last Year in a 'New' Trojan's Mouth

In the second half of 2020, a particularly unassuming Windows threat entered the threat databases, alongside the usual Ransomware-as-a-Service offerings, spin-offs of 'free' code projects, and the like. Malware researchers gave the Encrp Ransomware an initial analysis, noted that it was effective at blocking files, and moved on to more complex threats. In the new year it is back, either as a one-off update or as the start of a proper 'family' of Trojans carrying different names for fundamentally the same payload. This offspring's name: the Solaso Ransomware.

The Solaso Ransomware, like the Encrp Ransomware, is a Windows Trojan that specializes in blocking documents, pictures, and the other digital media formats that most users own. It uses a standard encryption routine to lock the files and appends its own extension ('solaso', of unknown etymology) to each file name without removing the original name or extension. Having acquired its digital hostages, the Solaso Ransomware drops a text-file ransom note into every folder that contains encrypted files, so the same note appears many times over.
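The renaming behaviour described above (the marker is appended, nothing is removed) is what makes post-infection triage tractable: stripping the trailing marker recovers the exact original name and extension, which tells you which files to pull from backup and what formats were hit. The following read-only triage helper is an added example written for this page; it is not code from the Solaso Ransomware, from Encrp, or from any vendor tool. It assumes the appended marker is the literal string `.solaso` with a leading dot, and the ransom note file name it constructs for the sample tree is invented, because the article does not give one; both are parameters or labelled placeholders in the code.

```python
"""Triage helper for a tree hit by an appended-extension file locker.

Added example for this write-up, not code from the Solaso Ransomware or
from any vendor tool.  It relies only on what the article states: the
Trojan appends its extension to the file name without removing any of the
original text, so 'report.docx' becomes 'report.docx.solaso'.  The dot
before the marker and the exact marker string are assumptions; both are
parameters so they can be adjusted once a live sample is confirmed.
"""
from __future__ import annotations

import os
import tempfile
from collections import Counter
from pathlib import Path


def original_name(locked_name: str, marker: str = ".solaso") -> str | None:
    """Return the pre-infection file name, or None if the name is not locked.

    Because the Trojan only appends, stripping the trailing marker recovers
    the original name and extension exactly.  A bare marker with no name in
    front of it is rejected rather than mapped to an empty string.
    """
    if not locked_name.endswith(marker) or locked_name == marker:
        return None
    return locked_name[: -len(marker)]


def triage_tree(root: str | os.PathLike, marker: str = ".solaso") -> dict:
    """Walk `root` and inventory files carrying the appended marker.

    Returns a dict with:
      locked        -> sorted list of (locked_path, recovered_original_path)
      by_extension  -> Counter of the *original* extensions hit (e.g. '.docx')
      folders       -> sorted list of folders containing at least one locked file
    Nothing on disk is modified; this is read-only triage for deciding what
    to restore from backup.
    """
    locked = []
    by_ext = Counter()
    folders = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name, marker)
            if orig is None:
                continue
            locked_path = Path(dirpath) / name
            orig_path = Path(dirpath) / orig
            locked.append((str(locked_path), str(orig_path)))
            by_ext[Path(orig).suffix.lower() or "<none>"] += 1
            folders.add(dirpath)
    return {
        "locked": sorted(locked),
        "by_extension": by_ext,
        "folders": sorted(folders),
    }


def build_sample_tree() -> str:
    """Create a constructed directory tree imitating a post-infection layout.

    Constructed data for the example only: file contents are dummy bytes,
    not real ciphertext, and the note file name is invented (the article
    does not state it).
    """
    root = tempfile.mkdtemp(prefix="solaso_triage_")
    layout = {
        "Documents/report.docx.solaso": b"\x00" * 16,
        "Documents/budget.xlsx.solaso": b"\x00" * 16,
        "Documents/README_FOR_DECRYPT.txt": b"constructed note placeholder",
        "Pictures/holiday.jpg.solaso": b"\x00" * 16,
        "Pictures/thumbs.db": b"untouched",   # not locked
        "Music/track.mp3": b"untouched",      # folder with no hits at all
    }
    for rel, data in layout.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    report = triage_tree(sample_root)
    print(f"{len(report['locked'])} locked files in {len(report['folders'])} folders")
    for locked_path, orig_path in report["locked"]:
        print(f"  {locked_path}  ->  restore as {Path(orig_path).name}")
    print("original formats hit:", dict(report["by_extension"]))
```

Run it against the real root of an affected volume instead of the constructed sample tree once the marker string has been confirmed from a live file name; the by-extension counter is a quick way to see whether the hit list matches the document, picture and media formats the Trojan is reported to target, and the recovered names are the list to hand to whoever is restoring from backup.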

The Solaso Ransomware's ransom note is almost the same as the Encrp Ransomware's, and it is not the only point of resemblance between the two. The note demands Bitcoins to a different wallet (still empty as of late January) and provides a victim ID and e-mail addresses for negotiating the unlocking of the files. Since there is no guarantee that the Solaso Ransomware's threat actors will do what they promise, Windows users should invest in backups kept offline or otherwise out of the Trojan's reach for any file recovery they might need afterward.

Estimating Trojan Updates before They Hit Files

Some samples of the Solaso Ransomware include what might be references to Spanish terms for encryption. File-locker Trojan campaigns are not new to Spain, nor to other regions such as Brazil. However, this threat can block files on most Windows versions and does not necessarily 'sort out' victims by their language settings.

Infection methods for the Solaso Ransomware's campaign may use any number of strategies. Malware experts can, at least, point out the following themes as likely in some attacks:

  • E-mail tactics such as fake invoices attached to messages, with macros that download the payload when the document is opened
  • Mislabeled torrents and other downloads, such as game cracks or copyright-protected movies
  • Website-based Exploit Kits (see KaiXin Exploit Kit et al.) that abuse JavaScript, Flash, and outdated browser software to attack users
  • Brute-force tools cracking weak login credentials, such as 'password123' for an administrator's account

Users who implement common-sense defenses like stronger passwords and timely patches, and who stay aware of what they download, are at little risk of infection. Most anti-malware programs also detect and delete the Solaso Ransomware, along with the majority of file-locker Trojans.

A single Trojan does not necessarily stay single. In what looks like the first step in the Encrp Ransomware turning into another 'faction' of Trojans, the Solaso Ransomware offers Windows users even more data-ransoming problems, as if they did not have enough already.
