UmbreCrypt Ransomware
Posted: February 16, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 55 |
| First Seen: | February 16, 2016 |
| OS(es) Affected: | Windows |
The UmbreCrypt Ransomware is a Trojan that encrypts your data, such as images or documents, and then sells a decryption service through e-mail messages. Keeping backups can prevent the UmbreCrypt Ransomware from harming your data irrevocably, a point malware experts emphasize because the UmbreCrypt Ransomware causes permanent damage to the files it encrypts. However, before restoring your files, you should always use dedicated anti-malware tools to remove the UmbreCrypt Ransomware from your PC.
The New Boss on the Ransomware Block
Although threat authors are industrious about producing variations on common themes, this reputation rarely extends to originality in their choice of source code. Many file encryptors seen by malware experts in 2016 are variations on previously seen threats, such as the UmbreCrypt Ransomware, a Trojan based on the same family (dubbed 'CrypBoss') as the HydraCrypt Ransomware. Source code leaked into the wild has given threat authors the resources to create new versions of these threats with a minimum of development time.
Malware researchers saw the UmbreCrypt Ransomware, like the HydraCrypt Ransomware, installing itself through drive-by-download attacks. These attacks can trigger through a malicious or compromised website, and may utilize vulnerabilities on out-of-date platforms (such as JavaScript) or unpatched, 'zero-day' vulnerabilities on fully-patched ones. A browser without any additional protection will unintentionally assist the UmbreCrypt Ransomware with its download and install process, after which the Trojan begins scanning your hard drives.
The UmbreCrypt Ransomware's hard drive scans search for files of many types, including TXT, DOC, XLS, MOV, and ZIP, with an emphasis on formats associated with work routines and data storage. The UmbreCrypt Ransomware adds 'umbrecrypt_ID_youruniqueID' to the names of the files it finds and, more importantly, encrypts them. The encryption process not only prevents you from opening the files but also causes permanent damage to their last fifteen bytes.
Digging Your Files out of a Trojan's Crypt
The UmbreCrypt Ransomware uses its file encryption attack as leverage for selling its decryption services back to its victims through e-mail communications. Fortunately, researchers at Emsisoft have provided a free decryptor for reversing the attacks of both the UmbreCrypt Ransomware and its relative, the HydraCrypt Ransomware. Despite this easy (and free) solution, decryptors still can't reverse the damage to the final bytes caused by the UmbreCrypt Ransomware's attacks, which is where file backups may prove essential. Note that most file encryptors do include measures for destroying local backups, such as the restore points that Windows creates automatically.
Although its file changes are difficult to miss, the UmbreCrypt Ransomware also displays extremely visible pop-up alerts pushing its victims towards paying its ransom under strict time limits. Since proper backup usage can neuter the UmbreCrypt Ransomware's potential damage almost entirely, there's no need to pay attention to its expiring time limits or recommendations. Instead, use anti-malware tools as appropriate for removing the UmbreCrypt Ransomware, and then recover any lost data.
Malware experts also encourage safe Web-surfing practices for blocking the drive-by-downloads that could install the UmbreCrypt Ransomware or its relatives. Blocking scripts, updating software and having real-time Web protection services can make the difference between your files being safe or permanently damaged.
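A recovery triage sketch for the rename marker and the backup advice above, added here as an example (not code from this page, Emsisoft or any vendor). It assumes the marker is appended to the original file name as a trailing suffix and that IDs are alphanumeric; the directory layout and file names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Marker string taken from the page. Assumptions: it is appended after the
# original name as a trailing suffix, and the unique ID is alphanumeric.
MARKER = re.compile(r"^(?P<orig>.+?)\.?umbrecrypt_ID_(?P<vid>[0-9A-Za-z]+)$")
DAMAGED_TAIL = 15  # bytes the page says stay damaged even after decryption


def triage(scan_root, backup_root):
    """List marked files and whether a backup of the original name exists."""
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    report = []
    for path in sorted(scan_root.rglob("*")):
        m = MARKER.match(path.name)
        if m is None or not path.is_file():
            continue
        # Rebuild the presumed pre-infection relative path.
        original = path.relative_to(scan_root).with_name(m["orig"])
        report.append({
            "encrypted": path.relative_to(scan_root).as_posix(),
            "original": original.as_posix(),
            "victim_id": m["vid"],
            "has_backup": (backup_root / original).is_file(),
        })
    return report


def demo():
    """Build a constructed sample tree (live disk + backup) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        (live / "docs").mkdir(parents=True)
        (backup / "docs").mkdir(parents=True)
        marked = ["docs/report.doc.umbrecrypt_ID_ab12cd34",
                  "budget.xls.umbrecrypt_ID_ab12cd34"]
        for name in marked:
            (live / name).write_bytes(b"\x00" * 64)
        (live / "notes.txt").write_text("untouched")
        (backup / "docs" / "report.doc").write_text("clean copy")
        return triage(live, backup)


if __name__ == "__main__":
    for row in demo():
        action = ("restore from backup" if row["has_backup"] else
                  f"decrypt; expect last {DAMAGED_TAIL} bytes damaged")
        print(f'{row["encrypted"]} -> {row["original"]}: {action}')
```

Run it against the affected volume only after the Trojan has been removed, and point `backup_root` at an offline copy rather than a local restore point.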