Test subject – Umaru, the Japanese ransomware
Umaru or DriedSister is an unusual ransomware, in the sense that unlike most ransomware, this one encrypts files, but does not ask users to pay a ransom. The virus is relatively new, being reported in February 2018 and it seems it was conceived to attack Japanese users in the first place. It targets several types of files, especially the ones which contain the word “recover” in the name. The ransomware uses AES encryption, and once files are infected, they cannot be decrypted anymore. Currently, there are no decryption tools available for this variant.
Umaru ransomware test facts
When executed, the ransomware will show a small window with Japanese text while files are being encrypted in the background. The encryption process targets office documents, pictures, videos, music, archive files accessible from the local machine. When a document is encrypted, a new extension is appended to the original file name, 干物妹!. As there is no ransom note, nor a decryptor available, the files which fall victim to this ransomware are permanently lost unless they can be restored from a backup image.
Umaru ransomware test results
TEMASOFT Ranstop detects this variant of Umaru ransomware soon after it starts encrypting files. Upon detection, alerts are fired off, actions are executed as configured (e.g., isolate the machine) and, at the same time, the malicious process is stopped and quarantined. All the encrypted files are automatically restored. Such an attack causes zero downtime to machines protected by TEMASOFT Ranstop.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.