
Erebus 2017 Ransomware

Posted: February 8, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 98
First Seen: February 8, 2017
Last Seen: June 16, 2022
OS(es) Affected: Windows

The Erebus 2017 Ransomware is a Trojan that uses AES encryption to block you from opening files of particular formats, such as documents and pictures. Its threat actors use it to solicit ransoms paid in Bitcoin, after which they supposedly will provide a service for recovering your data. As always, PC users who keep backups are far less likely to suffer long-term harm from these attacks, and dedicated anti-malware software can prevent them by intercepting and deleting the Erebus 2017 Ransomware.

Hello Darkness, My Old Enemy

Erebus, known in ancient Greek myth both as a region of the underworld and as a primordial god of darkness, is now the brand name of a new campaign that holds its victims' files hostage for Bitcoins. The Erebus 2017 Ransomware has no known relatives, and its components, ransom messages included, aren't borrowed from free resources or other projects. For the moment, malware experts have yet to determine how it is being distributed and installed, although casual home PC users are the most likely intended targets.

The Erebus 2017 Ransomware's installation bypasses User Account Control (UAC) without showing the prompt that normally asks the user to grant an application elevated privileges. A Registry modification, combined with a misleadingly named copy of the Trojan, causes the auto-elevating Event Viewer (eventvwr.exe) to load the Erebus 2017 Ransomware with administrative rights. The Trojan then connects to a remote server to report information about the victim, such as the geographical region. More pertinently to the campaign's intentions, it also begins scanning for files to encrypt.
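As an added example (not part of the original page and not the Trojan's own code), the Python script below checks a Windows host for the Registry artefact that the public Event Viewer UAC bypass leaves behind. It assumes the hijack uses the per-user mscfile file-type handler that eventvwr.exe opens through its MMC snap-in, which is the documented way to abuse that binary; the registry path, the executable path in the sample and the `reg query` output it parses are constructed for illustration rather than taken from an Erebus sample.

```python
r"""Check for the Event Viewer (eventvwr.exe) UAC-bypass artefact (added example).

eventvwr.exe auto-elevates and opens an .msc snap-in through the "mscfile"
file-type handler. Windows consults HKCU\Software\Classes before the
machine-wide HKCR entry, so a standard user can plant a per-user
mscfile\shell\open\command value and have Event Viewer run an arbitrary
program as administrator without a UAC prompt.
"""
import re
import subprocess
import sys

# Per-user key a non-admin process can write silently (assumed hijack location).
HIJACK_KEY = r"HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command"
# The machine-wide default handler; a per-user value pointing anywhere else is suspect.
LEGIT_HANDLER = "mmc.exe"

# `reg query` prints each value as "    <name>    <REG_type>    <data>".
_VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*?)\s*$")


def parse_reg_query(text):
    """Turn `reg query` output into (key, value_name, value_type, data) tuples."""
    entries = []
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key block starts
            continue
        match = _VALUE_LINE.match(line)
        if match and key:
            entries.append((key, match.group(1), match.group(2), match.group(3)))
    return entries


def find_eventvwr_hijack(entries):
    """Return the handler commands that Event Viewer would run elevated.

    A clean host has no HKCU mscfile key at all; any per-user default handler
    that does not invoke mmc.exe is treated as a hijack.
    """
    findings = []
    for key, name, _type, data in entries:
        if key.lower() != HIJACK_KEY.lower() or name != "(Default)":
            continue
        if LEGIT_HANDLER not in data.lower():
            findings.append(data)
    return findings


# Constructed sample of the query output on an infected host; the file path is
# hypothetical and is not a real indicator for this Trojan.
INFECTED_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Classes\mscfile\shell\open\command
    (Default)    REG_SZ    C:\Users\victim\AppData\Local\Temp\xyz123.exe
"""

# On a clean host the key is absent, so reg.exe prints only an error line.
CLEAN_SAMPLE = "ERROR: The system was unable to find the specified registry key or value.\n"


def query_live_host():
    """Run reg.exe on Windows; elsewhere fall back to the constructed sample."""
    if sys.platform != "win32":
        return INFECTED_SAMPLE
    proc = subprocess.run(["reg", "query", HIJACK_KEY], capture_output=True, text=True)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    hits = find_eventvwr_hijack(parse_reg_query(query_live_host()))
    if hits:
        print("Event Viewer handler hijacked; the following would run elevated:")
        for command in hits:
            print("  " + command)
    else:
        print("No per-user mscfile handler found.")
```

On a Windows host the script queries the registry directly; elsewhere it parses the constructed sample. A hit is removed by deleting the whole per-user key (`reg delete HKCU\Software\Classes\mscfile /f`), which restores the machine-wide mmc.exe handler, since a normal user profile does not carry that key at all.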

Dozens of data formats receive AES-based encryption, and each file's default extension is replaced by its ROT-23 transformation (every letter shifted 23 places, so .doc becomes .alz and .jpg becomes .gmd); the non-extension portion of the name is left intact. Malware experts also verify that the Erebus 2017 Ransomware follows the tradition of similar Trojans by deleting the Volume Shadow Copy (VSS) snapshots that could otherwise help a victim recover files through Windows restore points.
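As an added example (not from the page or the Trojan), the Python below reverses the ROT-23 extension renaming so that an analyst can tell which encrypted files used to be documents, pictures and so on. It assumes that only ASCII letters are rotated and that digits and punctuation are untouched, which the page does not state, and the sample file listing is constructed. It recovers names only: the file contents stay AES-encrypted.

```python
"""Reverse the ROT-23 extension mangling described above (added example).

ROT-23 shifts each letter 23 places forward, which is the same as 3 places
back, so ".doc" becomes ".alz" and ".jpg" becomes ".gmd". Decoding therefore
shifts 3 places forward. Assumed (not stated on the page): only ASCII letters
are rotated, case is preserved, and digits or other characters are unchanged.
"""
import os
import string

ROT = 23


def rot(text, shift):
    """Rotate ASCII letters by `shift` places; leave every other character alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def mangle_extension(ext):
    """Model the Trojan's renaming (used to check that the decoder round-trips)."""
    return rot(ext, ROT)


def recover_extension(ext):
    """Inverse of mangle_extension: shift by 26 - 23 = 3."""
    return rot(ext, 26 - ROT)


# Formats worth triaging. A mangled extension that decodes to one of these is a
# strong sign the file was encrypted rather than just oddly named.
KNOWN_EXTENSIONS = {
    "doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf",
    "jpg", "jpeg", "png", "gif", "txt", "zip", "rar", "mp3", "mp4",
}


def triage(paths):
    """Map each path whose extension decodes to a known format to its original name."""
    recovered = {}
    for path in paths:
        base, ext = os.path.splitext(path)
        ext = ext[1:]                    # drop the leading dot
        if not ext or ext.lower() in KNOWN_EXTENSIONS:
            continue                     # no extension, or not renamed
        original = recover_extension(ext)
        if original.lower() in KNOWN_EXTENSIONS:
            recovered[path] = f"{base}.{original}"
    return recovered


def scan_directory(root):
    """Walk a directory tree and triage every file in it."""
    paths = []
    for dirpath, _dirs, files in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in files)
    return triage(paths)


# Constructed directory listing of a victim's folder (not real Trojan output).
SAMPLE_LISTING = [
    "report.alz",    # was report.doc
    "photo.gmd",     # was photo.jpg
    "budget.uip",    # was budget.xls
    "archive.wfm",   # was archive.zip
    "notes.txt",     # untouched
    "readme.html",   # the ransom note; "html" decodes to nothing known
]


if __name__ == "__main__":
    for mangled, original in triage(SAMPLE_LISTING).items():
        print(f"{mangled:14} -> {original}")
```

Run `scan_directory(r"C:\Users\<name>\Documents")` on an affected profile to get the same mapping for a real tree. Because a renamed extension is only evidence, not proof, of encryption, the known-format check is deliberately conservative: a file such as readme.html whose extension decodes to nothing recognisable is left out rather than guessed at.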

Pulling Your Files Back out of the Dark

Post-attack, the Erebus 2017 Ransomware's symptoms are all but unmissable: the Trojan creates a highly visible HTML Readme file and also launches a pop-up notification automatically. Its threat actors collect Bitcoin ransoms through a Tor-hosted site, supposedly in exchange for a decryption solution that will unlock your files. The ransom messages also impose a time limit (currently four days) for purchasing the decryptor. However, the extortion messages aren't copy-pasted from old campaigns, which is one of several indicators that the Erebus 2017 Ransomware is an entirely new Trojan coded by programmers with at least a bare minimum of experience.

Since malware researchers routinely see threat actors take payment and then provide broken or nonexistent recovery services, PC users should store backups on drives or services that aren't left connected to the PC, so that an attack of this kind can't reach them along with the original files. The meager (under one hundred USD) fee the Erebus 2017 Ransomware demands also may result from its attackers using distribution models aimed at individual, casual PC users, such as freeware bundles or torrents. Most anti-malware products can protect your system from these distribution methods by deleting the Erebus 2017 Ransomware before its installation finalizes.

The Erebus 2017 Ransomware uses a semi-clever means of compromising Windows that takes advantage of a weakness inherent to the operating system's UAC design. Although its ransom isn't the highest malware experts are seeing, its methodology is a good indication of why Windows users need to keep backing up their data and updating their OS whenever updates are available.
