
Faizal Ransomware

Posted: April 19, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 10
First Seen: April 19, 2017
OS(es) Affected: Windows

The Faizal Ransomware is a Trojan from the Hidden Tear family that uses file-encrypting attacks to stop you from opening your files and asks for money to unlock them. Non-paying solutions to these attacks can include recovering from a backup or using free decryption utilities outside of the threat actor's purview. Although malware experts always encourage using prevention-based security protocols, most qualified anti-malware programs should be able to remove the Faizal Ransomware from your computer.

More Ransoms Piling Up on the Coast of Indonesia

Indonesia remains in the target acquisition sights of threat actors familiar with Hidden Tear's open-source code, a trend seen most recently with the Kampret Ransomware and now being picked up by the Faizal Ransomware. Although the Faizal Ransomware isn't necessarily the work of the same team of con artists, it includes all of the file-locking and ransoming techniques that malware experts know from other versions of this Trojan family. However, the file data so far provides no indicators of how the Faizal Ransomware's authors are distributing or installing it.

The Faizal Ransomware is little-changed from old variants of Hidden Tear. When installed, the Trojan tries to extort money from the PC's user by way of the following attacks:

  • The Faizal Ransomware scans for files to hold up for ransom while excluding sensitive locations, such as the operating system's folder. Its scans may include the drives of plugged-in storage devices or ones accessible over an unprotected network.
  • Appropriate files, such as documents, are encoded with an AES-based cipher. Every file that the Faizal Ransomware encodes also has a new extension ('.gembok') that the Trojan appends after the original.
  • Most variants of Hidden Tear use Notepad TXT-based ransom messages, but the Faizal Ransomware, instead, creates an HTM file. Its Indonesian-only instructions ask for a sum of 100,000 Rupiah to unlock your files, which the threat actor requests via a prepaid voucher code.
  • Depending on which features the Trojan's author leaves enabled from Hidden Tear's baseline, the Faizal Ransomware also may take further actions, including disabling some applications, blocking your desktop, or erasing any local system backups.
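As an added defender-side example (not from the original report, and not the Trojan's own code), the Python script below walks a directory tree, lists files carrying the '.gembok' suffix, recovers the name each suffix was appended to, and flags HTM files sitting beside them as candidate ransom notes; the note-filename heuristic and the constructed sample tree are assumptions, since the report names neither.

```python
import os
import tempfile
from collections import Counter

# Marker from the report: the Trojan appends '.gembok' after the original extension.
ENCRYPTED_EXT = ".gembok"
# The report says the note is an HTM file but gives no filename, so treating any
# .htm/.html beside encrypted files as a candidate note is a heuristic (assumption).
NOTE_EXTS = (".htm", ".html")


def triage_tree(root):
    """Summarize '.gembok' files, candidate notes and per-directory hit counts under root."""
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _, filenames in os.walk(root):
        hit_dir = False
        for name in filenames:
            if name.lower().endswith(ENCRYPTED_EXT):
                # The suffix was appended after the original extension, so strip it to recover the name.
                original = name[: -len(ENCRYPTED_EXT)]
                encrypted.append((os.path.join(dirpath, name), original))
                per_dir[dirpath] += 1
                hit_dir = True
        if hit_dir:  # only look for notes where encrypted files actually sit
            for name in filenames:
                if name.lower().endswith(NOTE_EXTS):
                    notes.append(os.path.join(dirpath, name))
    return {"encrypted": encrypted, "notes": notes, "per_dir": dict(per_dir)}


def build_sample_tree():
    """Constructed sample tree (not real victim data) so the triage runs offline."""
    root = tempfile.mkdtemp(prefix="faizal_demo_")
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    layout = {
        os.path.join(docs, "report.docx.gembok"): b"\x00" * 16,
        os.path.join(docs, "budget.xlsx.gembok"): b"\x00" * 16,
        os.path.join(docs, "README.htm"): b"<html>constructed note</html>",
        os.path.join(root, "notes.txt"): b"untouched file",
    }
    for path, data in layout.items():
        with open(path, "wb") as fh:
            fh.write(data)
    return root, docs


if __name__ == "__main__":
    summary = triage_tree(build_sample_tree()[0])
    print(len(summary["encrypted"]), "encrypted file(s);", len(summary["notes"]), "candidate note(s)")
```

The recovered original names give a quick inventory of what a backup restore or a family-specific decryption utility would need to cover.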

Hauling an Earnest Predator Back to the Waves of the Web

The Faizal Ransomware offers few technical differences from the many versions of Hidden Tear Trojans that malware experts see nearly daily. Social engineering-wise, however, the Faizal Ransomware does show that Indonesia remains a ripe target for extortion-based Trojan campaigns, as well as showing off one of the alternative payment methods con artists can opt for instead of the usual crypto-currencies. Because the Faizal Ransomware may cause file damage that isn't practically recoverable, preventing an attack is especially advisable, rather than disinfecting the effects of one.

Malware experts advise that any potential victims keep watch for the infection vectors most often associated with threats of this type, such as e-mail spam or hacked sites delivering instances of the RIG Exploit Kit. Unlocking your files often can be done with third-party utilities developed by the anti-malware industry at large, of which the Hidden Tear family does have some available. Most anti-malware programs from well-known brands also can identify and remove the Faizal Ransomware as a threat before it ever begins encrypting your media.

Thanks to its easy accessibility on underground sources, Hidden Tear could become the fastest-breeding family of file-encrypting threats to date. Sadly, for PC users without any backups, Trojans like the Faizal Ransomware often are supplanted only when even more efficient, competing Trojans become available.
