Test subject –Iron ransomware
Iron is an unsual combination of three popular ransomware variants: Maktub, DMA Locker, and Satan. It borrows elements from each of these, both operational and visual, making it difficult to classify. Original Maktub allowed the free recovery of one encrypted file, Iron, however, doesn’t. It encrypts 374 file extensions, including some PC games related files, like profiles. Unlike other ransomware, it will not remove Shadow Volume Copies or Restore Points, so theoretically some recovery is possible.
Iron ransomware test facts
The attack starts immediately as soon after the executable is launched, and it is also swift, encrypting many files per second, depending on their size. Encrypted files will have “.encry” as their new extension. Once the encryption is finished, many visual similarities can be observed between Iron and Maktub, regarding the recovery notes, apps and payment portal, although Maktub is not mentioned anywhere. These are all nicely designed and colorful, containing information on how to recover the files, as well as bitcoin details and costs. There is also a counter, highlighting that prices will increase periodically.
We don’t know of any free recovery tools, so it is unlikely that files can be rescued without paying, however, we will never recommend it. Some recovery is possible using Shadow Volume Copies and Restore points, although both are limited and most likely will contain only a few unaltered files.
Iron ransomware test results
TEMASOFT Ranstop detects Iron ransomware very soon after it starts processing files. Upon detection, the user is alerted, and the rogue process is stopped and quarantined. The affected files are automatically recovered so that the user doesn’t lose any important document.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.