
Czech Ransomware

Posted: August 23, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 90
First Seen: August 23, 2016
OS(es) Affected: Windows


The Czech Ransomware is a Trojan that locks your files by encrypting them and then launches a pop-up asking for Bitcoins before its threat actor hands over the decryption solution. PC users should not rely on spotting the symptoms of an infection to protect their local data, since those symptoms appear only after the (potentially non-reversible) encoding has already occurred. Where possible, malware analysts recommend deleting the Czech Ransomware with an anti-malware product of your choice and recovering all content from backups.

The Czech Republic Gets a New Taste of Trojans

With many threat actors upgrading to honed methods like crafted e-mails for distributing their Trojans, it is easy to forget the previous popularity of website vulnerabilities and Exploit Kits. The people responsible for the new Czech Ransomware show an interest in reviving this 'old-school' infection vector, with two compromised domains currently serving the Trojan to any vulnerable PC that visits them. The sites, like the Czech Ransomware itself, target Czech-speaking PC users, although the campaign is otherwise traditional for attacks of its kind.

The Czech Ransomware encrypts your files with a two-part method: it first uses AES to lock your content, and then RSA to keep security researchers from decoding the first cipher. You can identify locked content by its '.encr' extension. Fortunately, malware experts find that the Czech Ransomware uses a very narrow definition of which formats to encode, specializing in video and audio media (such as MP4, AVI, MPG, and WMV). Text content, such as documents or spreadsheets, falls outside its current parameters.
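The two facts above (the '.encr' extension and the narrow media-only targeting) are what an incident responder would use to triage a possibly affected machine. The script below is an added example for that purpose and is not code from the original page or from the Trojan's authors. It assumes that the Trojan keeps the original file name and appends '.encr' (so 'holiday.mp4' becomes 'holiday.mp4.encr'); the page does not state the exact naming pattern, so treat that as an assumption. It walks a directory tree, lists every '.encr' file, checks whether the original extension falls inside the reported media scope, and measures the entropy of each file's first bytes, since properly AES-encrypted data sits close to 8 bits per byte while untouched media headers and text do not. The sample directory it builds is constructed for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter

# Extension the Trojan appends to locked files, as reported on the page.
RANSOM_EXT = ".encr"
# Media formats the page reports as the Trojan's targets (lower-cased extensions).
TARGETED_EXTS = {".mp4", ".avi", ".mpg", ".wmv"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`; random or encrypted bytes approach 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_directory(root: str, sample_bytes: int = 4096) -> dict:
    """Collect '.encr' files under `root` and classify each by original extension.

    Assumption (not stated on the page): the original name is preserved before
    the '.encr' suffix, e.g. 'clip.avi.encr'.
    """
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(RANSOM_EXT):
                continue
            stem = name[: -len(RANSOM_EXT)]
            orig_ext = os.path.splitext(stem)[1].lower()
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(sample_bytes)
            hits.append({
                "path": path,
                "original_ext": orig_ext,
                "in_reported_scope": orig_ext in TARGETED_EXTS,
                "entropy": round(shannon_entropy(head), 2),
            })
    in_scope = sum(1 for h in hits if h["in_reported_scope"])
    return {
        "encrypted_files": hits,
        "count": len(hits),
        # True only when every locked file matches the media-only targeting the page describes.
        "matches_reported_targeting": bool(hits) and in_scope == len(hits),
    }


def build_sample_tree() -> str:
    """Create a constructed directory: two locked media files and one untouched document."""
    root = tempfile.mkdtemp(prefix="encr_triage_")
    os.makedirs(os.path.join(root, "videos"))
    # Random bytes stand in for AES ciphertext (high entropy).
    for name in ("videos/holiday.mp4.encr", "videos/clip.avi.encr"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(os.urandom(4096))
    # Spreadsheets and documents are outside the reported scope, so this stays readable.
    with open(os.path.join(root, "budget.xlsx"), "wb") as fh:
        fh.write(b"PK\x03\x04 plain placeholder content " * 64)
    return root


if __name__ == "__main__":
    report = triage_directory(build_sample_tree())
    print(f"locked files: {report['count']}, "
          f"media-only targeting: {report['matches_reported_targeting']}")
    for hit in report["encrypted_files"]:
        print(f"  {hit['path']}  ext={hit['original_ext']}  entropy={hit['entropy']}")
```

Run it against a real drive by passing the mount point to triage_directory; a report whose locked files are all media with near-8.0 entropy is consistent with this family, while locked documents or low-entropy '.encr' files point at something else and deserve a closer look before restoring from backup.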

The Czech Ransomware delivers its ransom demand, offering to sell its file-unlocking decryption service, through an HTML application, much like the 'This is Hitler' Ransomware, the Jigsaw Ransomware, and other threats with interactive pop-ups. Its authors demand payment in Bitcoin, which prevents victims from reversing the transaction afterward, even if no decryption help ever arrives.

Containing Another Outbreak of European Threats

Malware experts' past experience with similar campaigns indicates that the Czech Ransomware is likely to reappear in new, regional variations over the next few months. Even if its threat actors take no further action, victims can be attacked after doing nothing more harmful than browsing one of its host websites (financnasprava(dot)digital and uradvlady(dot)eu) without proper security. Disabling your browser's script-based features, using an ad-blocker, and running anti-malware products that block unsafe domain requests should eliminate these infection vectors.
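Blocking unsafe domain requests is the preventive side; the detection side is checking whether any machine on the network already reached the two compromised domains named above. The script below is an added example, not code from the original page, that scans a proxy or DNS log for those two indicators. It assumes a simple space-separated log format (timestamp, client address, requested host, status) that is constructed for the demonstration; adapt LOG_RE to your own proxy's format. The indicators are kept in the page's defanged '(dot)' notation and refanged in code, the match is case-insensitive, and subdomains of a compromised domain count as hits while look-alike hosts that merely contain the name do not.

```python
import re

# The two compromised domains reported on the page, in its defanged notation.
DEFANGED_IOCS = ["financnasprava(dot)digital", "uradvlady(dot)eu"]


def refang(domain: str) -> str:
    """Turn the page's '(dot)' notation back into a matchable host name."""
    return domain.replace("(dot)", ".").strip().lower()


IOC_DOMAINS = frozenset(refang(d) for d in DEFANGED_IOCS)


def host_matches(host: str, iocs=IOC_DOMAINS) -> bool:
    """True if `host` is an indicator domain or one of its subdomains.

    A trailing dot (FQDN form) and mixed case are normalized; a host such as
    'uradvlady.eu.example.net' is NOT a match because it only contains the name.
    """
    host = host.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


# Constructed log format: "<timestamp> <client-ip> <requested-host> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<host>\S+)\s+(?P<status>\d{3})$")


def scan_proxy_log(lines, iocs=IOC_DOMAINS) -> list:
    """Return one record per log line whose requested host matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or foreign lines are skipped, not treated as hits
        if host_matches(m["host"], iocs):
            hits.append({"ts": m["ts"], "client": m["client"],
                         "host": m["host"].lower(), "status": m["status"]})
    return hits


def affected_clients(hits) -> set:
    """Distinct client addresses that contacted an indicator domain."""
    return {h["client"] for h in hits}


# Constructed sample log: benign traffic, three true hits, one look-alike, one malformed line.
SAMPLE_LOG = """\
2016-08-23T09:14:02Z 10.0.5.17 www.example.cz 200
2016-08-23T09:14:09Z 10.0.5.17 financnasprava.digital 200
2016-08-23T09:14:10Z 10.0.5.17 cdn.financnasprava.digital 302
2016-08-23T09:20:44Z 10.0.5.31 WWW.UradVlady.EU. 200
2016-08-23T09:21:01Z 10.0.5.31 uradvlady.eu.example.net 200
this line is malformed and must be ignored
""".splitlines()


if __name__ == "__main__":
    found = scan_proxy_log(SAMPLE_LOG)
    for h in found:
        print(f"{h['ts']} {h['client']} -> {h['host']} ({h['status']})")
    print("clients to isolate and examine:", sorted(affected_clients(found)))
```

Feed it real lines with scan_proxy_log(open("proxy.log")) and treat every client it lists as a candidate for the file-system triage described earlier, since a request to one of these domains from an unpatched browser is exactly the drive-by path the page describes.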

Regardless of the competence of your security software, data encryption, particularly when the AES cipher is further protected by asymmetric RSA, isn't guaranteed to be reversible. Keep your files safe by backing them up preemptively to a location unlikely to be the target of a Trojan's attack, and avoid paying threat actors who have no motivation to honor their word in ransom-based transactions. Users with anti-malware products may detect and delete the Czech Ransomware automatically, although rates of identification for this new threat remain less than ideal across the cyber security industry.

No matter how large or small your country is, con artists are both willing and able to find ways of seeking profit by attacking your computer. The Czech Ransomware shows that, as much as ever, any individual hacker is capable of pushing his attacks forward in ways that aren't always predictable.
