
Guardware@india.com Ransomware

Posted: November 29, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 19
First Seen: November 29, 2016
OS(es) Affected: Windows


The 'Guardware@india.com' Ransomware is a variant of Rakhni, a family of Trojans that encrypt your files to stop you from using them and then solicit ransom payments. Because the con artists behind such campaigns frequently provide no further assistance after being paid, malware experts suggest other recovery options, particularly since this family is vulnerable to free decryptors. Standard anti-malware products can remove the 'Guardware@india.com' Ransomware either before or after its attack occurs.

When the Names of Your Files Become E-mail Addresses

Just as the people responsible for them behave as distinct individuals, file-encrypting Trojans vary broadly in how they communicate with their victims. Malware experts often see campaigns that invest in in-depth website user interfaces with sophisticated network obfuscation. Just as often, however, a less experienced or less invested threat actor uses a much simpler ransoming strategy, as readers can see with the 'Guardware@india.com' Ransomware.

After deploying itself against live targets in a campaign most likely starting in September, the 'Guardware@india.com' Ransomware leverages encryption-based attacks against their files. In addition to targeting local drives, it also scans for network-accessible ones, including hidden or administrative shares. The resident data is enciphered to make it unreadable, and each file is also labeled with the 'Guardware@india.com' Ransomware's extension, an 'XTBL' format string that also includes the e-mail address for contacting its threat actor.
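Because the labeled file names carry the attacker's e-mail address, a responder can use them to scope an infection across local drives and the network shares this family reaches. The following triage script is an added example, not code from the original page or from the threat's author; the exact label layout "name.id-VICTIMID.{e-mail}.xtbl" and the sample paths are assumptions constructed for the demonstration.

```python
import os
import re
from collections import Counter

# Constructed listing standing in for a directory walk of an affected host and a
# reached share. The "<name>.id-<victim id>.{<e-mail>}.xtbl" layout is an
# assumption; the page only says the 'XTBL' extension carries the contact e-mail.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.id-A1B2C3D4.{Guardware@india.com}.xtbl",
    r"C:\Users\alice\Documents\notes.txt",
    r"\\fileserver\C$\Projects\plan.docx.id-A1B2C3D4.{Guardware@india.com}.xtbl",
    r"C:\Users\alice\Pictures\holiday.jpg.id-A1B2C3D4.{Guardware@india.com}.xtbl",
    r"C:\Users\alice\Downloads\invoice.pdf",
]

XTBL_RE = re.compile(
    r"^(?P<orig>.+?)\.id-(?P<vid>[0-9A-Fa-f]+)\.\{(?P<mail>[^}]+)\}\.xtbl$",
    re.IGNORECASE,
)

def parse_xtbl_name(path):
    """Return (original name, victim id, e-mail) for a labeled file, else None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]  # handles local and UNC paths
    m = XTBL_RE.match(name)
    return (m.group("orig"), m.group("vid"), m.group("mail")) if m else None

def triage(paths):
    """Scope the incident: affected files, original file types, victim ids seen,
    and whether the labeling reached network shares as well as local drives."""
    affected, ext_counts, victim_ids, locations = [], Counter(), set(), Counter()
    for p in paths:
        parsed = parse_xtbl_name(p)
        if parsed is None:
            continue
        orig, vid, mail = parsed
        affected.append((p, orig, mail))
        ext_counts[os.path.splitext(orig)[1].lower()] += 1
        victim_ids.add(vid.upper())
        locations["network share" if p.startswith("\\\\") else "local drive"] += 1
    return {
        "affected": affected,
        "by_extension": dict(ext_counts),
        "victim_ids": sorted(victim_ids),
        "by_location": dict(locations),
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    print(len(report["affected"]), "labeled files:", report["by_extension"], report["by_location"])
```

To run it against a real tree, pass `triage` the paths from `os.walk` over a mounted image or share instead of `SAMPLE_LISTING`; the recovered original names tell you which files a decryptor would need to restore.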

Based on past reports, the 'Guardware@india.com' Ransomware's threat actors demand three Bitcoins (over two thousand USD in value) before providing any decryption help. Unlike most file-encrypting Trojans that malware experts find, the 'Guardware@india.com' Ransomware contains no communication or ransom infrastructure other than the given e-mail address, and it has no built-in decryption feature. Such omissions increase the probability of the 'Guardware@india.com' Ransomware's authors taking the money without providing anything in return.

The Unnecessary Cost of Spending Bitcoins on Naught but Promises

The 'Guardware@india.com' Ransomware's method of choosing which data to damage may mean that its campaign is concentrating on business targets, which stand to suffer more costly losses of file data than personal computer users. Categorically similar threats tend to exploit unsafe e-mail habits on the part of workers, with the Trojan droppers disguised as work-related or shipping-related documents. A minority of attacks also use direct, manual installations that the threat actors perform after brute-forcing a system protected by a particularly weak password.

Malware experts see reasonable rates of successful data recovery through free decryption services that can decrypt the files that the 'Guardware@india.com' Ransomware damages. Additionally, not all versions of this Trojan appear to erase local backups, such as SVC data, which may open other avenues for recovering files without paying any ransom. In either case, whether or not you can retrieve your data, your anti-malware software can detect and delete the 'Guardware@india.com' Ransomware most reliably, preventing any further damage.

Before opening a text file, spreadsheet or other piece of data that seems safe, double-check the sender. If it's not one you recognize, it could be another example of the persistence of file-encrypting threats like the 'Guardware@india.com' Ransomware.
