Voldemort Ransomware

Posted: September 25, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 97
First Seen: September 25, 2016
OS(es) Affected: Windows


The Voldemort Ransomware, also identifiable by the Nagini alias, is a Trojan that encrypts your files and loads an interactive pop-up demanding your credit card information in exchange for the decryption key for restoring the content. The dangers of this means of data recovery lead malware analysts to encourage other solutions, most prominently using backups to stop the Voldemort Ransomware from causing any irreversible file damage. Updating your anti-malware programs can also help them identify and delete the Voldemort Ransomware beforehand.

A Snake Whose Bite is Just as Bad as Its Appearance

Ordinarily, Trojans that collect financial information and Trojans that use data-ransoming attacks are separate classifications of threats with features that overlap minimally, if at all. Sometimes, however, malware researchers find new threats that blur the lines slightly, as is the case with the Voldemort Ransomware. This September-era Trojan conforms to most standards of threatening file encryption campaigns, but, instead of asking for an anonymous payment, asks for financial information that a threat actor could abuse indefinitely.

Some institutions are also identifying the Voldemort Ransomware by the alias of Nagini, which it owes to its unusual, Harry Potter-derived visual theme. The Voldemort Ransomware encrypts your files through an algorithm still under identification, with malware researchers verifying that it does not include a renaming feature (such as adding an ID number or extension to the encrypted data). While the Voldemort Ransomware doesn't deliver a traditional ransom message via text documents, it does create a Voldemort-themed HTML pop-up.

The pop-up includes fields for entering your credit card data to procure a decryption key, which, in theory, you could use to decrypt your files. Unlike most forms of Trojan-based ransom campaigns, the Voldemort Ransomware asks for information that con artists could exploit for repeatable charges, instead of a one-time cash transfer.

Banishing a Practical Embodiment of Evil from Your PC

While the Voldemort Ransomware's authors ask for an unusually valuable form of ransom, their presentation does use some subtle social engineering methods to pressure the victim into submitting. The Voldemort Ransomware doesn't include a time limit and uses an automated interface, which gives the PC user ample time to 'pay' the ransom with their credit card information in the hope that the program's response is prompt and automatic. The Voldemort Ransomware pop-up may also lock users out of their desktops or the rest of the Windows UI.

As far as malware researchers can discern, the Voldemort Ransomware is unrelated to past threats, and a majority of PC anti-malware solutions to date have failed at identifying it. Its primary executable file drops into the Windows Temp folder, with the highly identifiable name of 'the Voldemort.horcrux.' Use updated anti-malware products with histories of detecting similar data-encrypting Trojans to identify and remove the Voldemort Ransomware.
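A hunt for the dropped file named above, as an added example that is not from the original page: it walks the usual Temp locations, matches the file name case-insensitively, and records a SHA-256 for each hit so the sample can be checked with or submitted to an anti-malware vendor. The Temp paths and the acceptance of the name without its leading "the" are assumptions.

```python
import hashlib
import os
from pathlib import Path

# File name reported on this page. Matching is case-insensitive and also
# accepts the name without the leading "the " (an assumption made here,
# since the page's quoting leaves that unclear).
INDICATOR_NAMES = {"the voldemort.horcrux", "voldemort.horcrux"}


def default_temp_roots():
    """Typical Windows Temp locations (assumed layout, adjust per host)."""
    roots = [os.environ.get("TEMP"), os.environ.get("TMP")]
    windir = os.environ.get("SystemRoot")
    if windir:
        roots.append(os.path.join(windir, "Temp"))
    return sorted({Path(r) for r in roots if r})


def sha256_of(path, chunk_size=1 << 20):
    """Hash in chunks so a large file is never read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_indicator_files(roots):
    """Walk each root and return one triage record per matching file."""
    hits = []
    for root in roots:
        # os.walk skips directories it cannot read instead of raising
        for folder, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() not in INDICATOR_NAMES:
                    continue
                path = Path(folder) / name
                try:
                    info = path.stat()
                    record = {"path": str(path), "size": info.st_size,
                              "mtime": info.st_mtime, "sha256": sha256_of(path)}
                except OSError as err:  # locked or removed mid-scan
                    record = {"path": str(path), "error": str(err)}
                hits.append(record)
    return hits


if __name__ == "__main__":
    for hit in find_indicator_files(default_temp_roots()):
        print(hit)
```

Run it with the same privileges as the account under investigation, or as an administrator to cover every profile's Temp folder by passing those paths to `find_indicator_files`.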

The Voldemort Ransomware campaign does seem to be in the middle of its development, and, hopefully, quick responses among PC owners and the PC security industry can keep this Trojan from using its particular brand of magic on too many innocent files.