Even malware with only basic features can lock you out of your database and wreak havoc on all your data. A case in point is a new ransomware with straightforward features, labelled "Spartacus" and named after the gladiator, which is spreading like wildfire. According to experts, its code and techniques resemble those of Blackheart, ShiOne and Satyr. In this blog, we will look at how this ransomware works and at the process of Spartacus ransomware removal.
Spartacus has basic but smart features. For instance, unlike most ransomware, it does not communicate with any C2 server or with its author. Instead, it ships with a built-in RSA public key that is used to encrypt the AES key. Because the AES key is generated on the targeted computer itself, the malware can encrypt files there without any outside help. This same design, however, leaves a loophole: the AES key is present in the process's memory, so users may recover their data from a process memory dump.
How Does Spartacus Work?
The ransomware can enter your network through numerous unknown sources; there is no single definite pathway. Once Spartacus lands on your computer, it uses the CheckRunProgram function to make sure that only one instance of the malware is running on the system. Next, it generates a unique encryption key for locking all the files on your computer. This key is used with the Rijndael implementation of AES to encrypt each file the malware encounters. In the next step, it appends the .Spartacus or .[MastersRecovery@protonmail.com].Spartacus extension to every encrypted file.
After adding the extension, two duplicate files with the same ciphertext are created automatically. Spartacus also deletes the Shadow Volume Copies so that users cannot recover their data from them. Finally, it drops a .txt file containing a ransom demand together with the RSA-encrypted AES key, forcing victims to send these details by email to get their files decrypted.
Characteristics of Spartacus
- Works completely offline.
- Does not communicate over the network with any C2 server or with its author.
- The victim does not realize that the system is infected with ransomware until they have to email the attacker using their personal ID.
- The files cannot be decrypted by anyone else, as the decryption capability lies in the AES key, which is different for every victim.
- The only known solution is to take a process memory dump, and only after the user realizes that ransomware has hit them; the sooner, the better.
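The memory-dump recovery mentioned above works because the malware keeps the expanded AES key schedule in its process memory while it encrypts. As an added example (not Spartacus's code and not a tool from the original post), the scanner below searches a dump for an expanded key schedule the way key-schedule scanners such as findaes do; DUMP is a constructed stand-in built around the FIPS-197 sample key, and 16- and 32-byte keys are both tried.

```python
def make_sbox():
    # Derive the AES S-box from GF(2^8) arithmetic instead of a 256-byte table.
    sbox, p, q = [0] * 256, 1, 1
    rotl = lambda b, n: ((b << n) | (b >> (8 - n))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        for s in (1, 2, 4):                                     # q /= 3
            q = (q ^ (q << s)) & 0xFF
        q ^= 0x09 if q & 0x80 else 0
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = make_sbox()

def expand_key(key):
    """FIPS-197 key expansion for a 16- or 32-byte key; returns all round keys."""
    nk = len(key) // 4
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nk + 7)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]
            rcon = (rcon << 1) ^ (0x11B if rcon & 0x80 else 0)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return bytes(b for word in w for b in word)

def find_aes_keys(dump, key_sizes=(16, 32)):
    """Return [(offset, key)] for every expanded AES key schedule found in dump."""
    hits = []
    for size in key_sizes:
        for off in range(len(dump) - size - 15):
            cand = dump[off:off + size]
            t = cand[-4:]  # cheap filter: recompute the first derived word w[nk]
            w_nk = bytes(SBOX[t[(j + 1) % 4]] ^ cand[j] ^ (1 if j == 0 else 0) for j in range(4))
            if dump[off + size:off + size + 4] != w_nk:
                continue
            sched = expand_key(cand)  # full schedule comparison for survivors only
            if dump[off:off + len(sched)] == sched:
                hits.append((off, bytes(cand)))
    return hits

# Constructed stand-in for a process dump: filler bytes around one AES-128 schedule.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 sample key
DUMP = bytes(range(256)) * 2 + expand_key(KEY) + bytes(range(255, -1, -1))
```

Run against a real dump, `find_aes_keys` returns the offset and key bytes of each schedule it finds; a key recovered this way must still be paired with the IV and mode the malware used before any file can be decrypted.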
Spartacus Countermeasures
- Take backups of all essential files on a regular basis without fail. This prevents the loss of significant data once ransomware hits you. Make sure the backups are stored on a separate device that is kept offline.
- Limit the use of PowerShell/WSCRIPT in business settings. Also make sure you install and use an up-to-date version of PowerShell, as it has improved logging and transcription along with script block logging.
- To secure your domain, set up a Sender Policy Framework (SPF) record as an email validation mechanism. This averts spam by detecting email spoofing.
- Ransomware corrupts or steals common files, so it is advisable to encrypt all classified data.
- Avoid opening emails with unknown attachments, even if they come from known contacts.
- Carefully implement Software Restriction Policies (SRP) and application whitelisting to prevent binaries from running from the %APPDATA% and %TEMP% paths.
That was all about Spartacus ransomware, how it infects your system and what the Spartacus countermeasures are. If you have any questions about this ransomware, make sure to comment in the section below.