Jager Ransomware
Posted: July 27, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 22 |
| First Seen: | July 27, 2016 |
| OS(es) Affected: | Windows |
The Jager Ransomware is a Trojan that attacks the non-essential files of your PC by running them through an encryption algorithm that prevents you from opening or otherwise using them afterward. While the Jager Ransomware displays a ransom message to encourage paying its con artist in return for restoring your data, malware experts recommend pursuing alternatives whenever possible. Removing the Jager Ransomware and other threats with the potential to cause direct damage to your PC's files should always be done through specialized anti-malware applications, if they're available.
The Digital Huntsman Comes for Your Files
In a month where variations and revisions of past threats are rampant, some threat authors continue developing seemingly brand-new threats without recycling the components of old ones. The Jager Ransomware is one brand-new Trojan that delivers many of the same attacks as other file encryptors, but has no clear links, in code, graphical elements or delivery mechanisms, to other threats of its kind. While its name could imply an association with German-speaking regions (since 'the Jager' is a military term that derives from forestry workers originally drafted into light infantry units), all of its ransom notes, so far, are in English.
The Jager Ransomware appears to be a professionally-designed threat with no obvious weaknesses in its encryption attacks initially. The Jager Ransomware scans for dozens of file types on the infected PC (DOC, GIF, MP3, PPT, and ZIP are a very limited sample of its targets), while also excluding the default folders related to your operating system or essential components of executable programs. The Trojan then encrypts all content fitting its extension list and not in the blacklisted locations by using a combination of RSA and AES-256.
Malware analysts also saw another, mildly unusual inclusion during this encryption routine. The bodies of each file also have one extra modification, the insertion of an '!ENC' string. The Trojan injects these characters into the first four bytes, possibly for the sake of identification.
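For responders scoping an infection, the marker described above gives a quick way to inventory affected files. The following is an added example, not part of the original article or of any vendor tool; it assumes the marker is the literal ASCII bytes `!ENC` at offset 0, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER = b"!ENC"  # assumption: literal ASCII marker at offset 0, per the article


def has_marker(path):
    """Return True if the file starts with MARKER, None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        return None


def scan_tree(root):
    """Walk root; return (flagged paths, unreadable paths, counts per extension)."""
    flagged, unreadable, by_ext = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the scanned tree
            result = has_marker(path)
            if result is None:
                unreadable.append(path)
            elif result:
                flagged.append(path)
                by_ext[os.path.splitext(name)[1].lower() or "(none)"] += 1
    return sorted(flagged), unreadable, by_ext


def build_sample(root):
    """Constructed sample data: two marked files, one clean, one too short."""
    os.makedirs(os.path.join(root, "docs"))
    samples = {
        "docs/report.doc": b"!ENC" + b"\x8f" * 32,
        "docs/song.MP3": b"!ENC" + b"\x11" * 32,
        "docs/notes.txt": b"plain text, untouched",
        "tiny.gif": b"!E",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        flagged, unreadable, by_ext = scan_tree(tmp)
        print(len(flagged), "marked;", len(unreadable), "unreadable;", dict(by_ext))
```

A four-byte prefix match can flag unrelated files that happen to begin with the same bytes, so treat the output as a list to review against backups rather than as proof of encryption.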
With the actual attack finished, the Jager Ransomware drops a custom, Web page-based ransom message. This message includes a static time limit for paying its Bitcoin fee, which increases every twenty-four hours, and supposedly recovering your content. The text also offers free decryption services for a single file, along with additional details on how to make Bitcoin transactions.
Escaping a Trojan's Hunt for Bitcoin Ransoms
Although the Jager Ransomware does little to deliver innovative, new attacks, it does take the time to develop a new brand identity that's not dependent on the standard ransom notes, icons, formats, or extension preferences that malware experts see in other campaigns. Its encryption function also uses algorithms that are genuinely difficult to decrypt, with no transparent loopholes of the kind seen in the hard-coded, static key of the NoobCrypt Ransomware. Affected PC users who don't wish to gamble on the Jager Ransomware's ransom decryptor may have no choices other than waiting for the PC security sector to develop a free program to fill the niche.
Due to the risks of paying con artist ransoms for decryption and the difficulty of free decryption routes, malware experts especially stress using preparatory security protocols that can limit the effects of a Jager Ransomware infection. Backing up your essential content to a safe, detachable device or protected server can resolve the issue of file accessibility without needing to find a decryption key. Other security steps can target traditional installation points for threats of the Jager Ransomware's classification, such as scanning all incoming e-mail attachments.
Besides any data protection or recovery actions you deem necessary, removing the Jager Ransomware through established anti-malware procedures should always be one of your earliest steps. Since this threat doesn't install itself, other threats installing the Jager Ransomware also may include other threatening software in their dropped payloads.
While this Trojan's campaign has a limited infection count currently, the Jager Ransomware does show that many threat authors are still intent on delivering a 'quality' product to their victims. In the threat industry, originality in attacks is often unnecessary for accomplishing financial harm to a target.