Support Ransomware Description
Malware researchers have spotted a new Trojan, which encrypts all the data on its victims’ computers. The name of this newly identified threat is Support Ransomware. The Support Ransomware belongs to the MedusaLocker Ransomware family. Cyber crooks who are not very experienced often rely on already established data-lockers like the MedusaLocker Ransomware. Instead of building a file-locker from scratch, the creators of the Support Ransomware have borrowed the code of the MedusaLocker Ransomware, as this saves them a lot of effort.
Propagation and Encryption
It is not clear what is the exact infection vector used in the distribution of the Support Ransomware. The attackers are likely to utilize some of the most popular propagation methods such as torrent trackers, bogus social media posts, fake application downloads and updates, corrupted advertisements, etc. Many authors of data-locking Trojans like the Support Ransomware, opt to use phishing emails as an infection vector. Spam emails of this kind would either contain a corrupted link or a macro-laced attachment. When the Support Ransomware compromises a computer, it will scan the data present on it to determine what files will be marked for encryption. The Support Ransomware goes after a wide variety of filetypes, including images, audio files, videos, documents, presentations, spreadsheets, archives, databases and many others. When the Support Ransomware encrypts a file, it marks it with a new extension – ‘.support.’ This means that a file, which was initially called ‘amber-pilsner.pdf,’ will be renamed to ‘amber-pilsner.pdf.support.’
The Ransom Note
When the process of encryption has been completed successfully, the Support Ransomware will drop a file containing the ransom message of the attackers – ‘Recover_Instructions.html.’ Recently, authors of file-lockers have been adding a new feature to further pressure the victim into paying the ransom fee. Cybercriminals who distribute this Trojan have recently been threatening their victims to leak their files online unless they get paid a hefty sum. This may be effective against companies who have confidential documents and other sensitive data, particularly. In the ransom note, the attackers provide users with two email addresses where they can be contacted – ‘email@example.com’ and ‘firstname.lastname@example.org.’ The attackers are willing to decrypt up to three files for free, as long as they do not contain any important data. The creators of the Support Ransomware offer a Tor-based website, where the victim can pay the ransom fee. In the note, it is stated that unless the user pays within 72 hours of the attack taking place, the price will increase.
It is not advisable to follow the instructions of cybercriminals. There are no guarantees that you will be provided with the decryptor you need to recover your data. Make sure you eliminate the Support Ransomware from your computer with the help of a reputable anti-virus software suite.