AstraLocker ransomware spreads through email attachments – here’s how

A new version of the ransomware strain AstraLocker has recently been released. It spreads through email attachments in attacks that are quick but capable of causing great damage. Read on to understand how this ransomware works.

Ransomware such as AstraLocker is malware that encrypts relevant files on a device’s local and network storage and demands a ransom to decrypt them. The most common ways to spread malware are to trick users into opening malicious email attachments or files downloaded via links in emails. It is also common for ransomware to be hosted on pirated software download pages. In other cases, users infect their computers by opening files from other untrustworthy sources or by running fake installers.

The bait used by AstraLocker 2.0 operators is a Microsoft Word document that hides an OLE object containing the ransomware payload. The embedded executable uses the filename “WordDocumentDOC.exe”. According to a code analysis by ReversingLabs, AstraLocker is based on the leaked source code of Babuk, which in turn is a buggy but still dangerous strain of ransomware that came out in September 2021.
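A defender-side check for the lure described above, as an added example that is not from ReversingLabs or the original article. It assumes the document is an OOXML `.docx` (a ZIP container with embedded objects under `word/embeddings/`) and uses a byte-level heuristic rather than a full OLE parser; the function names and sample bytes are constructed for illustration.

```python
import io
import re
import zipfile

# Heuristic markers (assumptions of this example, not taken from the analysis):
# the DOS stub text found in PE files, and any name ending in an executable extension.
PE_STUB = b"This program cannot be run in DOS mode"
EXE_NAME = re.compile(rb"[\w.\- ]{1,64}\.(?:exe|scr|com|pif)\b", re.IGNORECASE)

def scan_docx(data):
    """Return one finding per embedded object that appears to carry an executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # OOXML Word files keep embedded OLE objects under word/embeddings/.
            if not info.filename.lower().startswith("word/embeddings/"):
                continue
            blob = zf.read(info)
            names = sorted({m.group(0).decode("ascii").strip() for m in EXE_NAME.finditer(blob)})
            pe_stub = b"MZ" in blob and PE_STUB in blob
            if names or pe_stub:
                findings.append({"part": info.filename, "exe_names": names, "pe_stub": pe_stub})
    return findings

# Constructed sample: a fake OLE Package body holding the file name from the article
# followed by a truncated PE header. It is inert and not a real OLE compound file.
SAMPLE_OBJECT = b"\x02\x00WordDocumentDOC.exe\x00" + b"MZ\x90\x00" + b"\x00" * 60 + PE_STUB

def build_sample(embedded=None):
    """Build a minimal .docx-shaped ZIP in memory, optionally with an embedded object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if embedded is not None:
            zf.writestr("word/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()

if __name__ == "__main__":
    for label, doc in (("clean", build_sample()), ("lure", build_sample(SAMPLE_OBJECT))):
        print(label, scan_docx(doc))
```

A mail gateway or triage script could call `scan_docx` on each Word attachment and quarantine any message for which it returns findings.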

Typically, emails designed to spread this malware are disguised as urgent or important letters from legitimate companies or other entities, so the recipient does not notice that they may contain malicious content. Examples of files that cyber criminals use to distribute malware include MS Office documents, archives such as ZIP and RAR, PDF documents, as well as JavaScript and executable files.
