Trojans are very efficient exploitation tools of the digital domain. Innumerable cyber attacks have been carried out through digital Trojan horses over the years. With time, Trojan code has also seen several improvements. As a result of this rapid progress in cybercrime, a Trojan is now available that is being used as ransomware-as-a-service.
Quant Loader: A Ransomware-as-a-service Trojan
Ransomware-as-a-service has become a viable business on the dark web. Coders with malicious intent develop basic or complex ransomware templates and put them on sale in the dark alleys of the Internet. This ready-made ransomware is purchased by cybercriminals who are not themselves developers of cryptographic code. ‘End users’ of the product can make adjustments to the ransomware to make their assault more effective. Decryption keys, used to restore the encrypted files, are also part of the package.
In the majority of cases, Quant Loader is loaded with Locky ransomware and is designed on the basis of the Pony Trojan. This means its code is heavily obfuscated, which makes it hard for experts to identify the type of malware and to restore the encrypted files.
This design also allows Quant Loader to act as a downloader for any customized ransomware. Quant Loader is usually delivered to the targeted device through a phishing mail containing a compressed zip file. Once the file is unpacked, Quant Loader starts to inflict its damage through the ransomware code it carries.
The above description of Quant Loader clearly indicates that it uses the same old tactic to deliver ransomware, i.e. download links and email attachments. By maintaining basic internet hygiene, one can definitely mitigate such attacks. But because it is so easily available on the web, it can be used extensively by criminal elements to target users who are still not well informed about internet hygiene and social engineering tactics.
It is also a well-known fact that once the installer of Quant Loader is executed, the ransomware will start its encryption activity and the affected user will have to pay, one way or another, to restore the encrypted files.
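Because the delivery path described above is a zip file attached to a phishing mail, one place to stop it is a mail-side check that opens zip attachments and looks at what is inside. The following is an added example, not code from the original article or from any product: the extension list, function names and sample message are assumptions, and the article does not say which file type the Quant Loader archive carries.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions a mail filter commonly treats as executable content.
RISKY_EXT = (".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
             ".lnk", ".bat", ".cmd", ".ps1")

def risky_zip_members(raw_email: bytes) -> list:
    """Return (attachment, member) pairs for zip attachments holding executable content."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        # Judge by content: the declared file name or MIME type may be misleading.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = info.filename.lower().rstrip(". ")
                if info.flag_bits & 0x1:
                    # Encrypted members cannot be scanned, so report them too.
                    findings.append((name, info.filename + " [encrypted]"))
                elif member.endswith(RISKY_EXT):
                    findings.append((name, info.filename))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a zip holding a harmless text stub named like a script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0417.pdf.js", "// constructed placeholder, not malware\n")
        zf.writestr("readme.txt", "hello\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    # The attachment is deliberately not named .zip, to exercise the content check.
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="invoice.dat")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample()):
        print(f"quarantine: {attachment} -> {member}")
```

The check reads only the archive's file listing and never extracts or executes anything, so it is safe to run on a quarantined message.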