
Herbst Ransomware

Posted: June 7, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 77
First Seen: June 7, 2016
Last Seen: June 28, 2019
OS(es) Affected: Windows

The Herbst Ransomware is a file encryptor that currently appears to target German-speaking PC users. It implements many of the standard ransomware features while leaving other, equally critical ones unfinished. Despite these gaps, the Herbst Ransomware is fully capable of encrypting your files and blocking access to them. Malware experts still consider regular backups and live anti-malware protection the best defense against the Herbst Ransomware in every respect.

The Autumn that Never Ends for Your Files

Even threatening software goes through the same process of research and development as other programs. Although it is rare for such black market products to be released into the wild before they finish 'cooking,' the Herbst Ransomware is an example of exactly that. This threat appears poised for deployment in Germany and other regions where German is the predominant language. Its modus operandi is to encrypt your computer's content, load a ransom message, and wait for you to buy a decryptor from its operators.

The Herbst Ransomware (whose name means 'Autumn' in German) doesn't scan all drives for files matching a list of extensions, which is the standard procedure for most file-encrypting Trojans. Instead, it encrypts all data within specific user directories: the Desktop, MyMusic, MyPictures and Personal (Documents) folders, and the Windows StartupPath, the directory its executable was launched from. Its encryption routine uses a genuine AES-256 implementation, so brute-forcing the key is not a realistic recovery option; any free decryption solution would have to come from a flaw in how the key is generated, stored or handled.

The Herbst Ransomware also appends the '.herbst' extension to each affected file and spawns a separate process that loads its ransom message at startup. Malware experts noted that its current ransom demand is unusually low (under 100 USD in value), although this figure may merely be a placeholder for testing.
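The following is an added triage example, not code from the original article or from the Trojan's authors. It walks a directory tree for files carrying the ransomware's extension, recovers the original filename so the file can be pulled from backup, and measures the entropy of each file's first bytes to confirm that the content was actually encrypted rather than only renamed, a distinction that matters for a half-finished encryptor. The extension is assumed to be '.herbst' (the '.the Herbst' form seen in some copies of this text is a substitution artifact of the site's naming convention), the Windows paths listed for the named folders are the usual .NET special-folder locations and are an assumption, and the sample files are constructed inside the script.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Folders the article names as the Trojan's targets. The names match the
# .NET Environment.SpecialFolder enumeration; the Windows paths shown are
# their usual locations and are an assumption for this example.
TARGET_FOLDERS = {
    "Desktop": r"%USERPROFILE%\Desktop",
    "MyMusic": r"%USERPROFILE%\Music",
    "MyPictures": r"%USERPROFILE%\Pictures",
    "Personal": r"%USERPROFILE%\Documents",
    "StartupPath": "<directory the ransomware executable was launched from>",
}

ENCRYPTED_EXT = ".herbst"  # assumed extension, see lead-in


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, well below for most plaintext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root, ext=ENCRYPTED_EXT, min_entropy=7.0, sample=4096):
    """Find files under root that carry the ransomware's extension.

    For each hit, report the pre-encryption filename (what to restore from
    backup) and whether the first `sample` bytes look like real ciphertext.
    A low entropy value means the file was renamed but its content is still
    readable, so it does not need to be restored at all.
    """
    findings = []
    for path in Path(root).rglob(f"*{ext}"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            head = fh.read(sample)
        ent = shannon_entropy(head)
        findings.append({
            "encrypted": str(path),
            "original_name": path.name[: -len(ext)],
            "entropy": round(ent, 2),
            "looks_encrypted": ent >= min_entropy,
        })
    return sorted(findings, key=lambda f: f["encrypted"])


def build_sample_tree():
    """Constructed sample data: one file whose content resembles AES output,
    one that was only renamed, and one untouched file. Returns the temp dir."""
    root = Path(tempfile.mkdtemp(prefix="herbst_triage_"))
    docs = root / "Documents"
    docs.mkdir()
    # Random bytes stand in for ciphertext; a real sample would be AES-256 output.
    (docs / ("report.docx" + ENCRYPTED_EXT)).write_bytes(os.urandom(4096))
    # Renamed but still plaintext: the extension alone proves nothing.
    (docs / ("notes.txt" + ENCRYPTED_EXT)).write_bytes(b"Meeting notes, draft. " * 200)
    (docs / "untouched.txt").write_bytes(b"not touched by the Trojan")
    return str(root)


if __name__ == "__main__":
    for finding in triage(build_sample_tree()):
        status = "encrypted" if finding["looks_encrypted"] else "renamed only"
        print(f"{finding['original_name']:<14} {finding['entropy']:>5}  {status}")
```

On a real machine, call `triage()` once per folder in `TARGET_FOLDERS` (after expanding the environment variables) from a clean boot, and treat the `original_name` column as the restore list for your backup tool. The entropy threshold of 7.0 bits per byte is deliberately loose; compressed formats such as .docx or .jpg also score high, so the test confirms encryption only in combination with the extension, never on its own.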

Forcing a Change of Seasons on Your Hard Drive

A successful encryption attack blocks you from opening your data as surely as if you had lost the password to a password-locked archive. However, even though the Herbst Ransomware's visible symptoms match those of a 'complete' file encryptor, malware experts confirmed that several similarly essential functions are never called. In particular, the Herbst Ransomware does not communicate with a Command & Control server at all, neither sending nor receiving data, although its code contains unused functions for doing so. Since nothing is ever sent, the encryption key is never reported back to its operators either.

Such issues make paying the ransom even more hazardous than usual: the con artists may not have the Herbst Ransomware's key, or may be unable to process the payment and supply a decryptor. Even if the threat is updated, which seems likely, the Herbst Ransomware offers no assurance that your content will be decrypted once you have paid whatever sum it demands. For any threat that targets data, malware researchers recommend keeping preemptive backups on non-local drives, so that irrevocably damaged files can be restored without losing anything permanently.

If required, removal of the Herbst Ransomware should always be done with a dedicated anti-malware application. Disconnecting your PC from the Internet and making full use of your operating system's Safe Mode features provide additional security during the scan, which may also find other threats responsible for dropping the Herbst Ransomware on your PC.

German residents, it appears, will need to exercise the same precautions that are routine in English-speaking regions to keep a threat's version of autumn from chilling their data permanently.
