STRRAT Malware Is At It Again

A recent post from Microsoft Security Intelligence revealed that the STRRAT malware is at it again with a new version release. STRRAT is an odd duck, to say the least: it is a Java-based RAT that poses as ransomware. It changes the file names on infected devices by appending the “.crimson” extension without actually encrypting the files.


The STRRAT malware is actively distributed through a phishing campaign that includes a malicious attachment. Downloading this attachment allows the malware to connect to its server and download the payload onto your computer. Once the payload is injected onto the computer, the malware starts stealing data such as passwords and installs keylogging software. It also runs remote commands and PowerShell, and carries out other activities through its backdoor access. On top of it all, the malware starts renaming files, making them unusable. Although a user may think they were attacked by ransomware, this can be remedied by removing the extension, after which the file will open again.


What to do?

If you or your business gets infected with STRRAT, first unplug your computer from the network. Then test whether it is the STRRAT malware or true ransomware by removing the added extension from a file name. If the file becomes usable, it is STRRAT; if it turns out to be a corrupt file, it is ransomware and you will have to take other actions.
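The rename test described above can be run across a whole folder instead of one file at a time. The following is an added example, not code from the original post: it checks whether each `.crimson` file still begins with the signature bytes of its original type and, on request, strips the extension from files that do. The signature table, function names and sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

MARKER = ".crimson"  # extension the page says STRRAT appends
# Constructed table: leading "magic" bytes for a few common formats.
MAGIC = {
    ".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
}

def classify(path):
    """'intact' if the header still matches the original type, 'altered' if
    it does not, 'unknown' if the table has no signature for that type."""
    original_ext = Path(path.name[:-len(MARKER)]).suffix.lower()
    magic = MAGIC.get(original_ext)
    if magic is None:
        return "unknown"
    with open(path, "rb") as fh:
        return "intact" if fh.read(len(magic)) == magic else "altered"

def triage(root, restore=False):
    """Classify every *.crimson file under root; optionally strip the
    extension from intact files. Never overwrites an existing file."""
    results = {}
    for path in sorted(Path(root).rglob("*" + MARKER)):
        if not path.is_file():
            continue
        verdict = classify(path)
        results[path.relative_to(root).as_posix()] = verdict
        if restore and verdict == "intact":
            target = path.with_name(path.name[:-len(MARKER)])
            if not target.exists():
                path.rename(target)
    return results

if __name__ == "__main__":
    # Constructed sample files in a scratch directory (not real victim data).
    root = Path(tempfile.mkdtemp())
    (root / "report.pdf.crimson").write_bytes(b"%PDF-1.7\nconstructed sample")
    (root / "photo.png.crimson").write_bytes(b"\x5a\x13\x99 constructed noise")
    (root / "notes.txt.crimson").write_bytes(b"plain text has no signature")
    for name, verdict in triage(root, restore=True).items():
        print(f"{verdict:8} {name}")
```

A matching header only shows that the start of the file is unchanged, so treat "intact" as an indicator rather than proof, and run the check on copies or on a machine that is already off the network.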

This guide will assist you in removing the STRRAT malware.

Keep in mind that providing your employees with cyber security awareness and properly protecting your computers with robust anti-malware may also help fend off such attacks right away.

Patrick Domingues
