A new ransomware named Allarich has emerged. It encrypts files and appends the “.allarich” extension to each one: “1.jpg” becomes “1.jpg.allarich” and “2.png” becomes “2.png.allarich”. Once encryption finishes, Allarich drops a ransom note named “README.txt” on the victim’s system and replaces the desktop wallpaper to add pressure.
Unlike most ransom notes, Allarich’s does not state outright that the files have been encrypted, name a ransom amount, or give payment instructions. It says only that the price of decryption depends on how quickly the victim contacts the attackers. That is a departure from the usual pattern, in which the note sets a fixed demand and walks the victim through paying it.
In a test environment the sample encrypted files and appended the “.allarich” extension exactly as described, so on the encryption side Allarich behaves like ordinary ransomware: files are locked and held until a ransom is paid (and, as with any ransomware, payment does not guarantee a working decryptor). What sets it apart is the note, which omits the explanation of the encryption and the payment walkthrough that traditional ransomware usually supplies.
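As an added example, not code from the original write-up, the following Python script scans a directory tree for the indicators described above: files carrying the “.allarich” suffix and README.txt notes. It goes one step beyond the text by measuring byte entropy, which separates files that were actually encrypted from files that were merely renamed (for instance by an interrupted run). The sample directory it builds is constructed test data, and the 7.0 bits-per-byte cut-off is an assumed threshold, not something the write-up states.

```python
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Indicators taken from the write-up: the appended extension and the note file name.
ALLARICH_EXT = ".allarich"
RANSOM_NOTE = "README.txt"
# Assumed threshold (bits per byte). Ciphertext sits close to 8.0; text and
# most media headers sit well below 7.0.
HIGH_ENTROPY = 7.0


def original_name(filename: str):
    """Return the pre-encryption name of a file renamed by Allarich,
    or None if the name does not carry the ".allarich" suffix."""
    if filename.endswith(ALLARICH_EXT) and len(filename) > len(ALLARICH_EXT):
        return filename[: -len(ALLARICH_EXT)]
    return None


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def scan_for_allarich(root: str) -> dict:
    """Walk `root` and classify every file that matches an Allarich indicator.

    encrypted    - (path, original_name) for .allarich files with high entropy
    renamed_only - (path, original_name) for .allarich files whose content
                   still looks like plaintext, i.e. renamed but not encrypted
    notes        - paths of README.txt ransom notes
    """
    encrypted, renamed_only, notes = [], [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                notes.append(path)
                continue
            orig = original_name(name)
            if orig is None:
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)  # first 4 KiB is enough to judge entropy
            if shannon_entropy(head) >= HIGH_ENTROPY:
                encrypted.append((path, orig))
            else:
                renamed_only.append((path, orig))
    return {"encrypted": encrypted, "renamed_only": renamed_only, "notes": notes}


def build_sample_tree(root: str) -> str:
    """Constructed sample data mimicking the write-up; not a real infection."""
    rng = random.Random(1)  # deterministic stand-in for ciphertext
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "1.jpg.allarich").write_bytes(rng.randbytes(4096))
    (docs / "2.png.allarich").write_bytes(rng.randbytes(4096))
    (docs / RANSOM_NOTE).write_text("The price depends on how fast you contact us.\n")
    (docs / "notes.txt").write_text("untouched plain text\n")
    # Decoy: renamed with the extension but never encrypted (low entropy).
    (docs / "3.txt.allarich").write_text("lorem ipsum " * 300)
    return root


def run_demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_for_allarich(build_sample_tree(tmp))


if __name__ == "__main__":
    result = run_demo()
    for path, orig in result["encrypted"]:
        print(f"encrypted: {path} (was {orig})")
    for path, orig in result["renamed_only"]:
        print(f"renamed only, content not encrypted: {path} (was {orig})")
    print(f"ransom notes found: {len(result['notes'])}")
```

Point `scan_for_allarich` at a suspect share or user profile to inventory what was hit; the `renamed_only` bucket is worth checking first during recovery, since those files may simply need their original names back.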
Antivirus vendors detect Allarich under several names spanning behavior-based, file-based, and machine-learning-based classifications: SONAR.Cryptlocker!g38 (behavioral), Ransom.Allarich and WS.Malware.1 (file-based), and Heuristic Advanced Machine Learning verdicts such as Heur.AdvML.A!300 and Heur.AdvML.A!400, among others. Coverage across all three layers matters: a file signature tied to one sample stops matching as soon as the binary is repacked, whereas the behavioral and machine-learning verdicts do not depend on an exact hash.