Ransed Ransomware
Posted: July 17, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 8 |
First Seen: | July 17, 2017 |
---|---|
OS(es) Affected: | Windows |
The Ransed Ransomware is a Trojan that locks your media so that it can demand money for unlocking them later. You may limit these encryption attacks by having good backup strategies, but free decryption utilities also may be compatible. Malware experts suggest that you block and remove the Ransed Ransomware preemptively with anti-malware programs whenever you can, and have similar software uninstalling it promptly if you can't prevent the infection.
2017 Trojans Showing Off GeoCities Aesthetics
First impressions are as important to threatening software attacks as they are everywhere else, but not every threat actor cares about the looks of their programs necessarily. The Ransed Ransomware is a new Trojan of an unknown family that malware researchers and other industry experts are calling out for having odd cosmetic choices that also reflect on its internal vulnerabilities. Unfortunately, these issues don't extend to its encryption routine, which remains adept at blocking data automatically.
The Ransed Ransomware doesn't give the user any symptoms while it searches for files to lock. Afterward, however, any encrypted content is identifiable from the new '.ransed' extensions the program places after any standard ones (for instance, 'kitten.jpg.ransed'). Once encrypted, these files (which can include JPG pictures, DOC documents and other media) will not open and require a corresponding decryption function for conversion back to normal.
The Ransed Ransomware finishes its attack with a signature, interactive pop-up window. The Comic Sans-formatted ransoming instructions, reminiscent of early Internet website services, gives the victim a time limit and an explanation of the Bitcoin cryptocurrency it demands as its payment before unlocking your files. Its threat actor is opting to bundle the decryptor with the Ransed Ransomware and automate the transaction-verifying process for enabling it. However, very unusually, the Ransed Ransomware uploads the 'customer' data to a remote MySQL database for storage without securing the login data.
Sending Old-Design Trojans to the History's Waste Bin
Even with misleading software, there sometimes is room for comedy. Besides a choice of ransom note cosmetics that makes the Ransed Ransomware resemble a teenager's Web page more than an attempt at extortion, the Ransed Ransomware also endangers its threat actor with its lack of security in C&C communications inadvertently. However, these issues don't handicap the Ransed Ransomware's encryption functionality, which, still, makes it viable as a danger to your local files.
Malware researchers recommend using backups that you update regularly and store on non-local devices to eliminate the worst file damage from threats like the Ransed Ransomware, Hidden Tear, and similar, file-encoding Trojans. Most threat actors favor spearheading their encryption-based attacks via message forgeries or exploit kits that run on compromised websites. Scanning attachments with anti-malware tools before opening them and disabling notably vulnerable content, like Java and Flash, can reduce the chances of an attack. Standard anti-malware applications also should delete the Ransed Ransomware automatically without issues.
As much as careless misdeeds endanger its perpetrators, as well as the victims, the Ransed Ransomware isn't a campaign that ends happily for everyone necessarily. Even if issues in its network communications lead to the imprisonment of the Ransed Ransomware's author, any files the Trojan encrypts may remain just as imprisoned as him.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.