A version of AstraLocker, AstraLocker 2.0 ransomware, has just been released. This updated version is what some threat analysts call a rapid attack, or smash-and-grab style of ransomware. The AstraLocker 2.0 developers use Microsoft Word attachments in emails to distribute their malicious payload using VBA macros. The user needs to click on the attachment and then click on an icon in the document for the OLE object in the payload to be activated. Double-clicking the icon causes a security warning to appear, and the user is then asked to run a file, WordDocumentDOC.exe.

The payload that is delivered directly via the email attachment is different, in that it cuts out traditional threat actor processes that are designed to evade detection by modern email security scanning tools and other triggers that alert the security operation center. Hence, AstraLocker 2.0 just wants to make a hard and immediate hit on anything they can immediately access, versus the studied and patient methodologies used by most ransomware attackers.

AstraLocker 2.0 attempts to disable anti-malware protections and EDR software. It will also kill any other processes running that can impact the successful encryption of data. Like all modern ransomware attacks, AstraLocker 2.0 deletes shadow copies and thereby jeopardizes your ability to recover.

To avoid becoming hostage to AstraLocker or other types of ransomware and malware, it is crucial to maintain recent offline backups of your most important files and data. Adopt a ‘defense-in-depth’ approach where you use layers of defense with several mitigations at each layer; this means you will have more opportunities to detect malware, and then stop it before it causes detrimental harm to your business.

If you want to learn more about how to best prepare and protect your business from ransomware and other threats, check out our blog, Reduce the Risk of Ransomware & Other Cyber Attacks.

Latest Ransomware Related Blogs

Ransomware impact on customer trust. lose-up of hands on a laptop keyboard with glowing code and digital particles floating around, giving a high-tech, programming or hacking impression.
Cloud ransomware vulnerability assessment. A hand holds a smartphone above an open laptop. On the laptop screen is a vivid red warning symbol with an exclamation mark inside a triangle, along with icons for email and settings. White arrows labeled "IN" and "OUT" point between the phone and laptop, suggesting a file upload or data transfer in progress. The scene conveys a cyberattack, security breach, or phishing warning.
Ransomware risk management framework. A professional wearing a blue shirt is interacting with a virtual, transparent interface emerging from their laptop. They use a stylus pen, suggesting precise control. Floating around their hands are various icons symbolizing technology, including cloud services, data analytics, global connectivity, finance or banking, and artificial intelligence. The image conveys the themes of digital transformation, data analysis, and secure management through technology.
Ransomware preparedness audits. A person dressed professionally is sitting at a laptop, typing on the keyboard. Around the laptop, there are virtual icons floating in the air, labeled with things such as problem-solving (a lightbulb icon), decision-making (gear icons with check and cross marks), and risk assessment (represented by a notepad icon). This image highlights a person engaged in analytical or cybersecurity-related work, emphasizing thoughtful decision-making.
ransomware resources
Contact Alvaka