What is TargetCompany Ransomware?

TargetCompany ransomware is a type of malware that encrypts all the files on a computer and holds them until the user pays a ransom. Files encrypted by TargetCompany will have one of the following extensions appended to the end of the file name: .artiis, .brg, .mallox, .architek, .tohnichi, .herrco, .ca. TargetCompany is delivered through a Win32 EXE file and has been spotted inside the following files and processes: local.exe.
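For triage, the extensions and the file name listed above can be turned into a quick filesystem check. The following is an added example, not code from the article: the function names and the sample file names are constructed, and the double-extension heuristic that separates strong from weak matches is an assumption made here.

```python
import os
import tempfile
from collections import Counter

# Extensions and file name exactly as listed in the article above.
TARGETCOMPANY_EXTS = {".artiis", ".brg", ".mallox", ".architek",
                      ".tohnichi", ".herrco", ".ca"}
REPORTED_NAMES = {"local.exe"}

def classify(filename):
    """Return 'reported-name', 'encrypted', 'weak-match' or None for a file name."""
    lower = filename.lower()
    if lower in REPORTED_NAMES:
        return "reported-name"
    stem, ext = os.path.splitext(lower)
    if ext not in TARGETCOMPANY_EXTS:
        return None
    # Assumption (not from the article): since the extension is appended, an
    # encrypted file usually keeps its original one, e.g. report.docx.mallox.
    # A lone match such as site.ca is kept, but only as a weak signal.
    return "encrypted" if os.path.splitext(stem)[1] else "weak-match"

def scan(root):
    """Walk root; return (findings, count of 'encrypted' hits per directory)."""
    findings, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind:
                findings.append((kind, os.path.join(dirpath, name)))
                if kind == "encrypted":
                    per_dir[dirpath] += 1
    return findings, per_dir

def demo():
    """Scan a constructed sample tree (empty files in a temporary directory)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "docs")
        os.makedirs(docs)
        for name in ("q1.xlsx.mallox", "plan.docx.brg", "notes.txt",
                     "site.ca", "local.exe"):
            open(os.path.join(docs, name), "w").close()
        findings, per_dir = scan(root)
        hits = sorted((kind, os.path.basename(path)) for kind, path in findings)
        return hits, sum(per_dir.values())

if __name__ == "__main__":
    print(demo())
```

A directory with many `encrypted` hits is a stronger signal than a single match; a `reported-name` hit only means a file shares the name given above and still needs to be examined.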

What is Ransomware?

Ransomware is a type of malware that encrypts the victim's files or devices and demands a ransom in exchange for decryption. Ransomware has been a growing threat since the first attacks were reported in the mid-2000s.

Ransomware can spread in several ways. One of the most common ways is via email phishing campaigns. Emails containing malicious attachments or links to malicious websites are sent out to potential victims. Once the victim clicks on the attachment or visits the malicious website, ransomware is downloaded onto their computer. Other ways ransomware can spread include social engineering, exploit kits, and drive-by downloads.

TargetCompany Ransomware Capabilities

TargetCompany ransomware copies malware to removable media and uses Autorun features to move onto systems on disconnected or air-gapped networks. TargetCompany ransomware uses various techniques to find and steal information from its victims, including file and directory discovery and the use of custom tools to interact with the native API. TargetCompany ransomware may attempt to gather information about attached peripheral devices and components connected to a computer system. The information may enhance the attackers' awareness of the system and network environment or may be used for further actions.

Mitigations Against TargetCompany ransomware:

A few things can be done to help reduce the risk of TargetCompany ransomware attacks, such as disabling autorun if it is not necessary, and disallowing or restricting removable media if it is not required for business operations. TargetCompany ransomware can also be avoided by utilizing Yama to restrict ptrace and deploying security kernel modules that provide advanced access control and process restrictions. TargetCompany ransomware can be mitigated by using file system access controls to protect folders such as C:\Windows\System32.

How to Remove Ransomware?

There's no guaranteed way to get rid of ransomware once it's infected your computer. However, there are some steps you can take to minimize the damage. The first is to make sure you have a backup of your computer. If you do, you can restore it after you've cleaned your computer. If you don't, you'll have to spend time and effort rebuilding your computer from scratch. You can also try to use decryption tools to get your files back.

How to Protect Against Ransomware?

The best action against ransomware is proactive action. Here are some of the things you can do to prevent ransomware attacks:

  • Update your software: It is important to ensure that all your software is up to date. In particular, all your operating systems and applications must be updated as soon as security updates are released.
  • Make a backup: It is essential to maintain a backup of all your files, so that you can restore them in case of an infection.
  • Use caution when opening files: When you receive an email attachment, it is crucial to make sure that it is not malicious. If you are not expecting an attachment from someone, it is best to contact them to make sure that it is not malicious.
  • Use antivirus software: It is important to ensure that your computer is protected with antivirus software. Without antivirus software, your computer will not be protected from malicious software.

Reactionary Times News Desk
