Remember the Princess Locker Ransomware? Unfortunately, ransomware removal analysts have discovered a variant of it, which has been referred to as Princess Evolution Ransomware. Like the Princess Locker Ransomware, this ransomware is also RaaS (Ransomware as a Service).
RaaS offerings are paid services available on cybercriminal forums, such as those on the dark net, where dangerous third parties pay the owners for their ransomware toolkit. The purchasing party then uses the ransomware to terrorize and exploit victims through ransomware attacks.
Analysis of the Ransomware
Ransomware removal analysts have expressed their worries regarding the flourishing ransomware industry, and the arrival of Princess Evolution Ransomware adds to the problems facing security officials. Analysts believe that the actual owners are raking in 40 percent of the ransom payments while 60 percent goes into the pockets of the purchasing parties.
According to ransomware removal analysts, the ransomware is spread through a number of different distribution strategies and channels. One of them has been identified as the RIG Exploit Kit. Such kits are planted on a large number of websites on the internet. The targeted websites are usually those with high traffic, where an event triggered by a visitor is enough for the ransomware to take that visitor's machine hostage.
Afterward, the ransomware checks two conditions. These conditions help the ransomware ensure that it has not targeted a victim twice. If the ransomware finds itself on a previous victim's PC, it terminates its operation.
On a new victim's machine, Princess Evolution begins its operation by communicating with the CnC server via UDP. The information sent to the CnC server consists of the name of the victim, network interface details, OS type and version and, most importantly, the encryption key.
Ransomware removal experts have stated that no decryption tools for Princess Evolution have been released so far, and hence it would be better to contact a professional service for ransomware removal.