Experts have found a fresh cyber threat: the Parrot ransomware. The ransomware has been found to copy the same code as other popular ransomware strains. Some experts engaged in ransomware removal suggest that it belongs to the Dctr family. These experts believe that the family has been releasing multiple variants to target Windows users. During removal work, more than 120 file extensions have been found to be related to the ransomware.
The ransomware takes its name from the ‘.parrot’ extension given to the operating system files it modifies. It has been designed to cripple the system so that a complete takeover of IT assets becomes possible, especially in Windows environments.
The ransomware has been marked as highly dangerous and sneaky in its operation. It relies on inventive and cunning deception techniques for distribution and infection. The malicious payload is generally delivered through MS Word files, and spam email campaigns are also used to propagate it. These emails carry fake content that tricks users into downloading a malicious invoice. After the download, the ransomware latches onto the victim’s computer through the infected files and begins its rampage.
Subsequently, it installs itself on the PC, where Windows Task Manager may show it as a service. It adjusts the firewall so that security processes cannot detect it for removal. Once the victim’s PC is defenseless, it starts encrypting the user’s data. The types of files that can be corrupted by the ransomware include:
- Video files (.mp4 and other formats)
- Audio files (.mp3 and other formats)
- Databases (SQL Server, MySQL, Oracle DB files)
- Documents (.docx, .txt, etc.)
The encryption process is followed by a ransom note displayed in a command-line window, demanding a ransom in return for the locked files.
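
The ‘.parrot’ renaming described above gives defenders a simple signal to watch for. The following added example (not code from this article) flags hosts that show a burst of files renamed to that extension and tallies which of the listed file types were hit. The event format, host names, thresholds, the extra extensions in each category, and the assumption that ‘.parrot’ is appended to the original file name are all constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from pathlib import PureWindowsPath

MARKER = ".parrot"  # extension named in the article
# Categories follow the article's list; the extension sets are illustrative assumptions.
CATEGORIES = {
    "video": {".mp4", ".avi", ".mkv"},
    "audio": {".mp3", ".wav"},
    "database": {".mdf", ".ldf", ".myd", ".ibd", ".dbf"},
    "document": {".docx", ".txt"},
}

def classify(new_path):
    """Return the category of a renamed file, or None if it lacks the marker."""
    p = PureWindowsPath(new_path)
    if p.suffix.lower() != MARKER:
        return None
    original_ext = PureWindowsPath(p.stem).suffix.lower()  # assumes marker was appended
    return next((n for n, exts in CATEGORIES.items() if original_ext in exts), "other")

def detect_bursts(events, threshold=5, window=60):
    """events: (epoch_seconds, host, new_path) tuples sorted by time. Returns
    {host: {"first_alert", "categories"}} for hosts with >= threshold hits in window."""
    recent, seen, alerts = defaultdict(deque), defaultdict(Counter), {}
    for ts, host, new_path in events:
        category = classify(new_path)
        if category is None:
            continue  # ordinary file activity
        seen[host][category] += 1
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = {"first_alert": ts, "categories": seen[host]}
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE = [
    (1000, "WS-01", r"C:\Users\a\Docs\q1.docx.parrot"),
    (1005, "WS-02", r"C:\Users\b\notes.txt.parrot"),
    (1010, "WS-01", r"C:\Users\a\Videos\clip.mp4.parrot"),
    (1012, "WS-01", r"C:\Users\a\Music\song.mp3.parrot"),
    (1015, "WS-01", r"C:\Data\crm.mdf.parrot"),
    (1016, "WS-01", r"C:\Users\a\Docs\draft.docx"),
    (1020, "WS-01", r"C:\Users\a\Docs\todo.txt.parrot"),
    (1500, "WS-02", r"C:\Users\b\photo.jpg.parrot"),
]
```

Calling `detect_bursts(SAMPLE)` alerts on WS-01 only; WS-02 has two marked files, but they are too far apart to count as a burst.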