
Smrss32 Ransomware

Posted: August 12, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 51
First Seen: August 12, 2016
OS(es) Affected: Windows

The Smrss32 Ransomware is a Trojan that targets and encrypts most data that does not reside in essential Windows directories, such as the Program Files folder. PC users can identify the Smrss32 Ransomware by its ransom message (which incorrectly identifies it as a variant of the CryptoWall Ransomware) and by the associated changes to file names. You should remove the Smrss32 Ransomware with the anti-malware products of your choice and use standard data recovery techniques to undo the impact of its payload.

A Trojan with a Lot of Files on Its Mind

The different methods Trojans use to accomplish otherwise very similar attacks often provide clues about the experience or deployment strategies of their coders. The Smrss32 Ransomware stands out as one of the most 'unconventional' Trojans to perform the by-now-standard attack of encrypting the PC owner's data. Although these threats rarely target more than around five hundred data types, malware experts can confirm that the Smrss32 Ransomware's target list includes over six thousand extensions.

The Smrss32 Ransomware derives its name from its attempt at disguising its primary executable as a Windows component. After installing itself, the Smrss32 Ransomware scans for any files matching its extension list. However, it excludes many directories associated with Windows installations, including locations that are mandatory for your OS. The Smrss32 Ransomware renames all matching content with the 'encrypted' extension and encrypts it using a currently-unbroken AES algorithm.

Malware analysts note that a Smrss32 Ransomware infection will most likely be highly visible, due to the placement of redundant copies of its ransom image throughout the PC's file system, as well as on the desktop. The Smrss32 Ransomware asks for approximately 590 USD worth of Bitcoin for a decryptor, although PC security researchers are working to provide free options.

Taking the Cheap Way out of Ransoming Your Hard Drive

Most threatening file encryptors require security mistakes on the part of their victims before they can install themselves. This adage is perhaps especially true for the Smrss32 Ransomware, whose campaign is reliant on RDP (Remote Desktop Protocol) connections that have been left insecure. Attentiveness to your network security settings should block all known infection vectors for this threat.

While the Smrss32 Ransomware does show many signs of being made by a less-experienced coder, it does use a real encryption algorithm. Backups can offer recovery options that don't require any decryption, and giving samples of the Smrss32 Ransomware and encrypted data to relevant security researchers can speed the process of developing free decryption tools. Malware analysts stress that paying the author of the Smrss32 Ransomware, or any other Trojan of its category, should always be a last resort.
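To scope a restore from backup after the renaming described above, the following Python script (an added example, not part of the original article or of any vendor tool) lists files carrying the 'encrypted' extension and checks whether a clean copy exists in a backup. It assumes the extension is appended to the original file name and that the backup mirrors the live data's relative paths; the function names are hypothetical.

```python
import os
import sys
from pathlib import Path

# The article states affected files are renamed with the 'encrypted' extension.
# Assumption: it is appended, e.g. report.docx -> report.docx.encrypted
MARKER = ".encrypted"


def find_marked(root):
    """Return every file under root whose name ends with the marker extension."""
    hits = []
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            # Case-insensitive match; ignore a file named only ".encrypted".
            if name.lower().endswith(MARKER) and len(name) > len(MARKER):
                hits.append(Path(dirpath) / name)
    return sorted(hits)


def plan_restore(root, backup_root):
    """Pair each marked file with its clean backup copy, if one exists.

    Returns (restorable, missing): restorable is a list of
    (marked_path, backup_path) tuples; missing lists marked files
    that have no counterpart in the backup.
    """
    root, backup_root = Path(root), Path(backup_root)
    restorable, missing = [], []
    for marked in find_marked(root):
        rel = marked.relative_to(root)
        # Strip the marker to recover the presumed original file name.
        original_rel = rel.with_name(rel.name[: -len(MARKER)])
        candidate = backup_root / original_rel
        if candidate.is_file():
            restorable.append((marked, candidate))
        else:
            missing.append(marked)
    return restorable, missing


if __name__ == "__main__" and len(sys.argv) == 3:
    ok, lost = plan_restore(sys.argv[1], sys.argv[2])
    print(f"{len(ok)} file(s) restorable from backup, {len(lost)} without a backup copy")
    for path in lost:
        print("NO BACKUP:", path)
```

Run it against an offline or read-only backup so the restore source cannot be touched by a still-active infection.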

Current samples of the Smrss32 Ransomware do include some limited self-deletion features. Despite that fact, you should use anti-malware products to guarantee the full removal of the Smrss32 Ransomware and the detection of other threats taking advantage of the same vulnerabilities in your security. If you have no interest in repairing potentially thousands of different types of files on your PC, use strong security practices and data-preservation tactics that the Smrss32 Ransomware can't affect.
