Cyber security researchers keep discovering new ransomware strains every other week. This year alone, many different ransomware strains have surfaced on the cyber horizon. Lately, ransomware hunters have discovered a new cryptographic malware that ‘belongs to the ancient Greek city of Sparta’, as its operators have named it ‘Spartacus’.
According to cryptography experts who have read its code, Spartacus employs asymmetric cryptography to lock down the files on affected devices. It’s a one-of-a-kind cryptographic strain in which the operators also want to send you the public key along with the email to remove ransomware. Like the majority of ransomware operators, the handlers of Spartacus also want ransom payments in Bitcoin.
Interestingly, every encrypted file is tagged with an extension that also mentions the contact ID of the attackers. To guarantee that they can reinstate your device to its unaffected state, the perpetrators offer free decryption of five encrypted files.
A ransom note is dropped at different locations on the device, including the desktop, warning users not to rename the affected files and not to use any software for ransomware decryption because it can result in permanent loss of data. Ironically, they also ‘advise’ the affected user not to hire third-party services to remove the ransomware, as it will only increase the price of restoring the encrypted files.
Spartacus’s Operators Are Experts
Spartacus can encrypt every file on the device regardless of its type or extension. Moreover, it deletes all the shadow volume copies, so you can’t use the built-in backup system offered by Windows. It also uses a mutex to ensure that the cryptographic code doesn’t run more than once. Spartacus’ ransom screen will continue to run in the foreground, on top of everything else on the screen, as long as the device is on. It’s a psychological ploy used by the attackers to push the victim to pay them for decryption.
According to experts, to remove the ransomware without yielding to the demands of Spartacus’ operators, a key can be extracted from memory if the cryptographic script is left running. However, experts haven’t yet tested decryption of Spartacus-encrypted files by this method.
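For defenders, two of the behaviours described above (shadow copy deletion, and every encrypted file gaining the same new extension) can be correlated in endpoint telemetry. The following is an added example, not code from the researchers or from the original article; the event format, the `triage` and `appended_suffix` names, the rename threshold and the placeholder extension are assumptions, and the article does not say which command Spartacus uses to delete shadow copies.

```python
import re
from collections import Counter

# Assumption: the page does not name the command Spartacus runs; these are the
# two built-in Windows commands commonly used to delete Volume Shadow Copies.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)

def appended_suffix(old, new):
    """Return the suffix a rename appended to the original name, else None."""
    if new != old and new.lower().startswith(old.lower()):
        return new[len(old):].lower()
    return None

def triage(events, rename_threshold=3):
    """Alert when shadow copies are deleted and many files gain one new suffix."""
    shadow_hits = sum(1 for e in events if e["kind"] == "process"
                      and SHADOW_DELETE.search(e["cmdline"]))
    suffixes = Counter()
    for e in events:
        if e["kind"] == "rename":
            suffix = appended_suffix(e["old"], e["new"])
            if suffix:
                suffixes[suffix] += 1
    mass = {s: n for s, n in suffixes.items() if n >= rename_threshold}
    return {"shadow_delete": shadow_hits, "mass_suffixes": mass,
            "alert": shadow_hits > 0 and bool(mass)}

# Constructed telemetry; the suffix is a placeholder, not the real extension.
EXT = ".[CONTACT-ID-PLACEHOLDER].ext"
SAMPLE = [
    {"kind": "process", "cmdline": r"cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"kind": "rename", "old": r"C:\Users\a\report.docx", "new": r"C:\Users\a\report.docx" + EXT},
    {"kind": "rename", "old": r"C:\Users\a\photo.jpg", "new": r"C:\Users\a\photo.jpg" + EXT},
    {"kind": "rename", "old": r"C:\Users\a\db.sqlite", "new": r"C:\Users\a\db.sqlite" + EXT},
]
BENIGN = [
    {"kind": "process", "cmdline": "vssadmin list shadows"},
    {"kind": "rename", "old": r"C:\Users\a\notes.txt", "new": r"C:\Users\a\notes.txt.bak"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(BENIGN))
```

Requiring both signals keeps a lone backup-tool rename or a routine `vssadmin list shadows` from raising an alert.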
For assistance with file recovery from Spartacus ransomware, please contact MonsterCloud Cyber Security experts for professional ransomware removal.