Memento Ransomware Gang Resorts to WinRAR if the Encryption Fails
Ransomware gangs often experiment with new attack methods or extortion techniques. The Memento Ransomware organization is one of the latest groups to introduce a relatively novel attack technique. Their malware relies on the typical file-encryption attack to lock the victim out of their data. However, if encryption fails for any reason, the malware switches to an alternative file-locking mechanism: WinRAR. It places the files it cannot encrypt in password-protected archives, ensuring that no files are spared during the attack.
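The WinRAR fallback described above leaves a trace defenders can hunt for: many archive-creation runs with a password switch on one host in a short time. The following is an added example, not code from the original article or from any vendor. It assumes process-creation records with hypothetical `time`, `host`, `image` and `command_line` fields, assumes the archiver is invoked through its command line with the standard `a`, `-p` and `-hp` options (the article does not say which options Memento uses), and uses an assumed threshold of three runs in five minutes.

```python
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

RAR_IMAGES = {"rar.exe", "winrar.exe"}  # name match only; renamed binaries need hash checks

def is_password_archive(event):
    """True when a process-creation event is rar/WinRAR adding files under a password."""
    if ntpath.basename(event["image"]).lower() not in RAR_IMAGES:
        return False
    tokens = event["command_line"].lower().split()
    adds = "a" in tokens  # 'a' is the add-to-archive command
    # -p<pwd> and -hp<pwd> set a password; '-p-' means "never prompt for one"
    protected = any(t.startswith(("-p", "-hp")) and t != "-p-" for t in tokens)
    return adds and protected

def bulk_archiving_hosts(events, window=timedelta(minutes=5), threshold=3):
    """Map host -> largest number of password-archive runs seen inside one sliding window."""
    hits = defaultdict(list)
    for ev in events:
        if is_password_archive(ev):
            hits[ev["host"]].append(datetime.fromisoformat(ev["time"]))
    flagged = {}
    for host, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[host] = max(flagged.get(host, 0), count)
    return flagged

RAR = r"C:\Program Files\WinRAR\Rar.exe"
SAMPLE_EVENTS = [  # constructed records: hosts, paths and passwords are made up
    {"time": t, "host": h, "image": RAR, "command_line": "Rar.exe " + args}
    for t, h, args in [
        ("2024-01-01T02:10:05", "FS01", r"a -hpEXAMPLE D:\share\q1.xlsx.rar D:\share\q1.xlsx"),
        ("2024-01-01T02:10:09", "FS01", r"a -hpEXAMPLE D:\share\q2.xlsx.rar D:\share\q2.xlsx"),
        ("2024-01-01T02:11:30", "FS01", r"a -pEXAMPLE D:\share\plan.docx.rar D:\share\plan.docx"),
        ("2024-01-01T09:00:00", "WS07", r"a -p- C:\tmp\logs.rar C:\tmp\logs"),      # no password
        ("2024-01-01T09:30:00", "WS07", r"x -pEXAMPLE C:\tmp\in.rar C:\tmp\out"),   # extraction
        ("2024-01-01T10:00:00", "WS09", r"a -hpEXAMPLE C:\docs\tax.rar C:\docs\tax"),  # single run
    ]
]

if __name__ == "__main__":
    print(bulk_archiving_hosts(SAMPLE_EVENTS))
```

On the constructed records only FS01 is flagged; the single password-protected archive on WS09 stays below the threshold, which keeps ordinary user activity from alerting.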
The Memento Ransomware gang appears to rely on remote exploits in VMware vCenter Server to penetrate the systems of their victims. However, they are likely to explore other vulnerabilities and infection vectors too. The best way to ensure that your data is safe from ransomware attacks is to invest in up-to-date antivirus software.
In addition to the double-encryption attack the Memento Ransomware uses, the criminals also rely on third-party tools to wipe out traces of all files. This last step further reduces the victim's chances of recovering their data.
After the attack completes, the criminals deliver the ransom note, which contains a message for the victim. According to it, full recovery costs 15.95 Bitcoin (about $940,000), while the decryption of individual files will cost 0.099 BTC per file – or about $5,850. So far, victims have never paid the ransom sum when dealing with the Memento Ransomware. Apparently, most of the victims were able to recover thanks to backups. It is not recommended to consider paying the ransom sum – the risk of getting scammed is too high. Instead, use an anti-malware tool to eliminate the threat before trying out popular data recovery measures and options.








