Erebus Ransomware
Posted: January 4, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 84 |
| First Seen: | January 4, 2017 |
| Last Seen: | April 11, 2022 |
| OS(es) Affected: | Windows |
Ransomware authors have taken to naming their latest crypto-threats after gods and goddesses. After the Locky Ransomware's operators released variants such as the Osiris Ransomware and the '.thor File Extension' Ransomware, an anonymous group of cybercrooks has opted to follow in their footsteps by releasing the Erebus Ransomware, a threat named after the Greek god of darkness. The Erebus Ransomware is a typical crypto-threat: it applies strong encryption to files that match its criteria and then demands a ransom fee whose amount may vary.
The authors of the Erebus Ransomware seem to be a bit more advanced than most ransomware operators we see these days, because they've taken the time to set up unique payment pages hosted on the Tor network, which makes their harmful operation more anonymous and therefore protects them. When the Erebus Ransomware infiltrates a computer successfully, it may perform several actions to ensure that it stays active after the computer has been restarted and that users cannot get rid of it without the help of credible anti-malware software. Every file that the Erebus Ransomware encrypts also has its file extension modified to '.ecrypt' (e.g. 'document.txt' becomes 'document.txt.ecrypt'). One peculiar thing about the Erebus Ransomware is that it does not encrypt specific files or folders that are related to important Windows services or applications. It is also worth noting that it leaves files with the name 'wallet.dat' unharmed, since they are usually used to store information about the victim's Bitcoin wallet address, and without it, the victim might not be able to complete the payment.
The Erebus Ransomware leaves its ransom message in a single file called 'YOUR_FILES_HAS_BEEN_ENCRYPTED.txt,' which is usually stored on the victim's desktop. The ransom note is quite long, and it tells users that their files have been securely encrypted with an RSA-2048 key, which is stored only on a secret server under the control of the attackers. This key is required for file decryption, and the only way to get it is to follow the ransomware operators' demands. The victim is then asked to download the Tor browser and visit the payment page, where they have to provide the unique machine ID found in the ransom note; in return, they see how much they have to pay for decryption. Usually, crypto-threat operators demand 0.5 to 1.5 Bitcoins in exchange for the decryption instructions, but there's no guarantee that the Erebus Ransomware will not be an exception that requires more or less money. Regardless of the sum that the Erebus Ransomware asks victims to pay, we assure users that this is not a reliable way to solve the problem. The Erebus Ransomware's authors offer no guarantee that users will get their data back, and it will not be a major surprise if they end up taking the victim's money without fulfilling their end of the deal.
Having your files locked by the Erebus Ransomware is certainly not an enjoyable thing, especially if you don't have a recent backup that you can use to recover your data. If a backup is not available, then your best shot is to run an anti-malware utility that can fully remove the corrupted files and Registry entries that brought the Erebus Ransomware to your computer. Some users might then be able to recover their files partially by using file recovery software suites, although this method is not guaranteed to work. It is also recommended to back up all '.ecrypt' files, since you may need them if a free decryptor for the Erebus Ransomware gets released in the future.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
dir\name.exe
File name: name.exe
Size: 1.24 MB (1249280 bytes)
MD5: 0ced87772881b63caf95f1d828ba40c5
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: dir
Group: Malware file
Last Updated: April 11, 2022
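A read-only triage for the indicators listed on this page (the '.ecrypt' suffix, the ransom note name, and the MD5 and size of name.exe), with a helper that copies encrypted files and the ransom note aside as recommended above. This is an added example, not code from the original page or from SpyHunter; the function names md5_of, triage and preserve are hypothetical.

```python
import hashlib
import os
import shutil
from pathlib import Path

# Indicators as given on this page.
ENCRYPTED_SUFFIX = ".ecrypt"
RANSOM_NOTE = "your_files_has_been_encrypted.txt"  # compared lowercased
SAMPLE_MD5 = "0ced87772881b63caf95f1d828ba40c5"
SAMPLE_SIZE = 1249280  # bytes; cheap pre-filter before hashing


def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large files never have to fit in memory."""
    digest = hashlib.md5()  # used only to match the published indicator
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root):
    """Sort files under root into encrypted files, ransom notes, sample matches."""
    report = {"encrypted": [], "notes": [], "samples": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if name.lower().endswith(ENCRYPTED_SUFFIX):
                    report["encrypted"].append(path)
                elif name.lower() == RANSOM_NOTE:
                    report["notes"].append(path)
                elif path.stat().st_size == SAMPLE_SIZE and md5_of(path) == SAMPLE_MD5:
                    report["samples"].append(path)
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
    return report


def preserve(report, root, dest):
    """Copy encrypted files and ransom notes to dest, keeping relative paths."""
    copied = 0
    for path in report["encrypted"] + report["notes"]:
        target = Path(dest) / path.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied += 1
    return copied
```

Point `dest` at external or offline storage; the ransom note is kept alongside the '.ecrypt' files because it holds the machine ID mentioned above.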