Bitcoin Ransomware Education – Mordor

It appears to be the season for various new types of crypto-ransomware. Even though the number of threats has anything but subsided over the past few months, new types of malware are on the horizon already. One of the new ransomware strains goes by the name of Mordor, which is a clear reference to the Lord of the Rings trilogy.

Mordor Ransomware Can be Quite Problematic

Although one could argue every type of crypto-ransomware poses a vicious threat, Mordor may be one of those strains that warrant extra caution. It is possible to get rid of this malware free of charge, though, but it is always better to be aware of these new developments. So far, it appears Mordor is one of the first creations based on the Karmen ransomware-as-a-service project.

This particular type of ransomware is designed to encrypt files on a victim’s computer by using the AES-256 encryption cipher. Interestingly enough, Mordor is one of those types of malware that does not change file extensions after the encryption process. For the average computer user, it may even appear as if nothing is wrong with their computer in the first place. A rather unique approach, to say the least.

What is rather “cool” – so to speak – is how Mordor will change the computer’s wallpaper to depict Sauron’s eye. This wallpaper also serves as a message to the victims of that their computer is infected with ransomware. The amount of money to be paid to restore file access seems to vary from target to target. Not paying the ransom is always the best course of action, though. After all, paying the money only results in a 50% chance of seeing files decrypted.

Mordor ransomware is seemingly spreading itself through spam email messages, or nefarious links found on social media. Both methods of attacks have proven to be quite successful and lucrative for cyber criminals over the past few months. Moreover, it is certainly possible criminals distribute Mordor by uploading files to torrent websites as well. Given the peer-to-peer nature of the BitTorrent protocol, using malware-laden pirated content is a great way to increase the number of potential victims.

We have all seen how malware and ransomware become smarter over time, resulting in these malicious types of software successfully avoiding detection for an extended period of time. Mordor is no different in this regard, as it will shut down and delete the loader if any threats to its performance are detected. The malware is also communicating with a command-and-control server, allowing the developer to keep tabs on individual victims at all times. Every infected victim has their own dedicated Bitcoin address to send the ransom to as well.

Thankfully, it is somewhat of a trivial matter to get rid of this ransomware without paying the bitcoin fee. There is a Hidden Tear brute force – Mordor is based on the same source code – that should help victims in getting rid of the infection altogether. A more convenient solution is to restore files from a previous backup, or use the built-in system restore function. Never pay the ransom when dealing with Mordor ransomware, as there is absolutely no need to do so.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.