UEFI Ransomware
Posted: August 9, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equals symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equals symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 85 |
| First Seen | August 9, 2017 |
| OS(es) Affected | Windows |
The UEFI Ransomware is a Trojan that claims to encrypt the files on your PC and demands ransom money for restoring them. Current versions of the UEFI Ransomware lack a working encryption feature, although malware experts are estimating that this threat is in the middle of its development and may have upgrades in that capacity later. Back up your files to give yourself an alternative to paying ransoms to threats like the UEFI Ransomware, and remove the UEFI Ransomware with anti-malware products with histories of combating encryption-based Trojans.
Catching Trojans Halfway Done
Identifying threats before their code is complete may give potential victims a signal in advance of the risks and solutions entailed in an infection. These early samples also can provide an overview of the symptoms one can expect, as well as the potential cost of recovering from the attack. For the UEFI Ransomware, a Windows-based threat, that price can be over several hundred dollars.
The UEFI Ransomware only includes one major feature that works, for now: a wallpaper-hijacking one that resets the desktop background to a JPG that the Trojan drops on the infected computer. It uses this image to convey its ransom demand of 350 USD, payable in the Bitcoin cryptocurrency, for restoring your supposedly encrypted files. The same note also identifies the Trojan as the UEFI Ransomware by name, although internal data in the program suggests an alias of 'Hell's ransomware.' The Trojan also carries an unused text file that the threat actor may intend as a secondary ransom message.
While the UEFI Ransomware has the external warning signs of being a file-encrypting threat, malware experts can confirm no such attacks through the versions of the UEFI Ransomware that are in circulation, so far. Compromised PCs should suffer no encryption damage to their media or changes to their filenames (such as the appending of new extensions).
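Because the only working payload described above is the wallpaper swap, a first triage step on a suspect Windows host is to look at what the desktop wallpaper currently points to. The PowerShell check below is an added example, not code from the original post or from any vendor; it assumes only the standard per-user Wallpaper registry value, treats TEMP, APPDATA, LOCALAPPDATA and PUBLIC as the user-writable staging directories worth flagging, and reports the file's location, timestamps and hash for comparison against a known-good baseline.

```powershell
# Added triage check: inspect the current desktop wallpaper setting on a suspect host.
# Assumes the standard per-user value HKCU:\Control Panel\Desktop\Wallpaper.
function Get-WallpaperTriage {
    $wp = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -Name Wallpaper -ErrorAction Stop).Wallpaper
    if ([string]::IsNullOrWhiteSpace($wp)) {
        return [pscustomobject]@{ Path = $null; Note = 'No wallpaper value set' }
    }
    $path = [Environment]::ExpandEnvironmentVariables($wp)
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $file) {
        return [pscustomobject]@{ Path = $path; Note = 'Wallpaper value points to a missing file' }
    }

    # User-writable staging areas a dropper would typically use (assumed list; adjust per environment).
    $suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
    $inUserDir = $suspectDirs | Where-Object {
        $file.DirectoryName.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    }

    [pscustomobject]@{
        Path            = $file.FullName
        Extension       = $file.Extension
        SizeBytes       = $file.Length
        CreationTime    = $file.CreationTime
        LastWriteTime   = $file.LastWriteTime
        RecentlyWritten = $file.LastWriteTime -gt (Get-Date).AddDays(-7)
        InUserWritable  = [bool]$inUserDir
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

# Usage: flag a JPG wallpaper written within the last week from a user-writable location,
# which matches the symptom described for this Trojan. A hit means "review", not "infected".
$t = Get-WallpaperTriage
$t | Format-List
if ($t.Extension -eq '.jpg' -and $t.RecentlyWritten -and $t.InUserWritable) {
    Write-Warning 'Wallpaper recently replaced by a JPG in a user-writable path; preserve the file and its hash for analysis.'
}
```

Compare the reported SHA256 against the wallpaper hash recorded on a clean build image; a mismatch combined with a fresh JPG in a temp directory is worth escalating even before any encryption damage is observed.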
Finishing Off Trojans Before They Finish Their Payloads
Adding a non-consensual encryption feature to Trojans like the UEFI Ransomware can be done with freely available code in almost no time, although some threat actors prefer longer development cycles to create truly secure data-locking ciphers. Recovery options against finalized threats of the UEFI Ransomware's classification include compatible freeware decryption programs, as well as backup strategies that are not vulnerable to being deleted or encrypted during an infection. Malware experts find very few file-encrypting threats sufficiently advanced to target cloud backups, and removable device-based storage is an equally viable option.
Other than its use of components meant for exposure to English speakers, malware experts can find limited data on whom the UEFI Ransomware intends to extort Bitcoins from or how it might spread. Its name's reference to the Unified Extensible Firmware Interface, the BIOS replacement, also may indicate that its developer is trying to compromise newer systems, although no specific incompatibilities with older ones are detectable. Roughly one out of every seven brands of anti-malware programs is identifying and removing the UEFI Ransomware as a threat, and updating your security software can help increase those detection rates.
A half-built Trojan offers a glance into an unfortunately unsurprising future: one where PC users who don't trouble themselves with making backups may be forced to spend hundreds of dollars just for the hope of getting a decryptor. As long as Trojans like the UEFI Ransomware continue using Bitcoin-based ransoms, any chance of a complete post-infection recovery can rest entirely in a con artist's hands.