Click Me Ransomware

Posted: October 19, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 30
First Seen: October 20, 2016
OS(es) Affected: Windows

The Click Me Ransomware is a Trojan that encrypts your files in order to ransom them while simultaneously distracting its victims with a button-chasing game. Although it is currently incomplete and lacks full hard drive-encrypting functionality, present-day versions of the Click Me Ransomware would be relatively simple to expand into a model applicable against live targets. Malware experts advise using anti-malware tools to delete the Click Me Ransomware preemptively whenever you acquire downloadable games from unsafe sources.

The Cost of Clicking in All the Wrong Places

One of the most precarious phases of operation in the life of a file-encrypting Trojan is the file-searching and encryption routine, which takes some time to identify appropriate data types and then encode them according to a specified algorithm. Although there are rarely visual cues of this function, its sheer duration can give victims time to respond and remove the offending threat. Some threat authors, like those responsible for the Click Me Ransomware, use creative ways of overcoming this disadvantage.

The current samples of the Click Me Ransomware all showcase a test build that targets a single sample file (a PNG in the D drive). Even so, the Click Me Ransomware demonstrates a functional encryption feature, along with a renaming function that can append the '.hacked' extension to the victimized data on top of any preexisting extension. Malware experts found more unusual traits, however, in what the Click Me Ransomware does in the meantime to distract a victim.

While implementing this payload, the Click Me Ransomware also creates a window displaying a simple 'game' where the user can use the mouse cursor to chase a rapidly moving button. The window also includes user-cued background transitions that rotate between different combinations of popular franchises and stock imagery. If the players continue causing screen changes, they eventually arrive at the final image: the Click Me Ransomware's ransom message, which asks for an indiscriminate amount of money in return for helping you decrypt your data.

Beating a Modern Hostage-Taker's Game

The sample of the Click Me Ransomware under analysis uses Farsi-language ransom notes, which puts Iran and associated regions most at risk of being targeted. While similar Trojans tend to use fake e-mail invoices and comparable business document-based installers, the Click Me Ransomware is more likely to distribute itself in a manner that synergizes with its disguise. These options could include bundling itself with real Web games or using links on social networking platforms.

Although no fully functional version of the Click Me Ransomware has been released in the wild, few changes would be required to bring this Trojan up to date with its already-established competition. PC owners in general, and especially those in Farsi-dominant nations like Iran, may want to monitor gaming links for signs of harmful intent. Standard anti-malware protection should be able to intercept and remove the Click Me Ransomware, which is, so far, not open to decryption.
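For triage, the '.hacked' renaming described above gives responders a simple marker to search for. The following is an added example, not code from the original article or from any vendor tool: it walks a directory, lists files ending in '.hacked', recovers the original extension underneath, and checks whether the file still starts with that format's well-known signature. The verdict labels, function names and sample files are assumptions constructed for the illustration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".hacked"  # extension the page says is appended on top of the original one

# Well-known leading signatures; extend for the formats you care about.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}

def classify(path):
    """Return (original_ext, verdict); verdict labels are this example's own."""
    original_ext = Path(path.stem).suffix.lower()  # photo.png.hacked -> .png
    expected = MAGIC.get(original_ext)
    if expected is None:
        return original_ext, "unknown-format"
    with open(path, "rb") as fh:
        head = fh.read(len(expected))
    # A missing signature is consistent with encryption but is not proof of it.
    verdict = "renamed-only" if head == expected else "content-altered"
    return original_ext, verdict

def scan(root):
    """Walk root and report every file whose name ends in the marker."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(MARKER):
                path = Path(dirpath) / name
                ext, verdict = classify(path)
                findings.append((path.relative_to(root).as_posix(), ext, verdict))
    return sorted(findings)

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pics").mkdir()
        (root / "pics" / "sample.png.hacked").write_bytes(bytes(range(64)))
        (root / "report.pdf.hacked").write_bytes(b"%PDF-1.4\n% constructed\n")
        (root / "notes.hacked").write_bytes(b"no inner extension")
        (root / "keep.png").write_bytes(MAGIC[".png"] + b"constructed")
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Files reported as "content-altered" should be restored from backup rather than simply renamed, since the article notes that no decryption is available so far.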

Whether or not it ever sees a real deployment, malware experts describe the Click Me Ransomware as a threat whose creativity points to the constant evolution of disguises for threatening software.