DriedSister Ransomware
Posted: February 20, 2018
Threat Metric
The fields listed on the Threat Meter are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 45 |
| First Seen: | June 3, 2024 |
| OS(es) Affected: | Windows |
The DriedSister Ransomware is a Trojan that locks your files with a static encryption method. Con artists frequently use such attacks for extortion, although the DriedSister Ransomware doesn't deliver any ransom note, and any content that it blocks is easily recoverable. Since the DriedSister Ransomware may receive further changes to its encryption routine in the future, malware experts still encourage having an anti-malware program block and delete the DriedSister Ransomware as a likely threat to your computer's media.
The File-Locker with a Cartoon Mascot
While it's semi-rare for file-locking threats to specialize in highly specific regions, as opposed to using as wide a dispersal strategy as possible, it is not extremely improbable either. The Japan-specialized DriedSister Ransomware is one Trojan of this sub-category of threatening software, and malware experts are noting it for several unusual, and even amateurish, traits. Although the DriedSister Ransomware is more of a temporary inconvenience than a long-term hazard for your data, its initial attacks do resemble those of the higher-level Hidden Tear, the Globe Ransomware, or the Crysis Ransomware families.
The DriedSister Ransomware uses a hard-coded encryption key for locking multiple file types, such as the often-targeted Word or Adobe Reader documents. Although this means that the encryption is insecure and easily decryptable, the user can't open the associated files until that decryption takes place. The DriedSister Ransomware also marks the locked media by appending the '.下物妹!' extension to every name. This Japanese phrase is a play on words that references the concept of a woman who's given up on love.
The Trojan also creates a pop-up that gives no ransom or decryption-related information but does continue playing on the theme of self-indulgent femininity. The window provides some self-identifying text, an image associated with the 'Himouto! Umaru-chan' comic property, and a currently-unused timer. Since malware experts are finding no self-financing aspects with the DriedSister Ransomware, it may be a work-in-progress, a programming student's project or a joke program.
Imprisoning Your Files with a Cheap Lock
Fortunately, the DriedSister Ransomware uses a fixed and, therefore, much less secure encryption attack than that of most file-locking threats. It also includes a hidden decryption feature. Victims who run the program through a command-line interface and use the argument '-recover' can force the DriedSister Ransomware to unlock every file that it blocked previously. Free decryption software and backups are the alternate recovery options malware experts recommend for other, more common circumstances, where breaking the encryption is time-consuming or impossible.
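An added example, not part of the original article or any vendor tool: before choosing among the recovery options above, a responder can inventory which files carry the appended '.下物妹!' extension and whether a file with the original name still exists beside the locked copy. The function names and the sample file tree are assumptions constructed for the example.

```python
import os
from collections import Counter

# Extension the article says is appended to every locked file name.
MARKER = ".下物妹!"

def inventory_locked_files(root, marker=MARKER):
    """Walk root and describe every file whose name ends with marker.

    Each finding holds the locked path, the name with the marker stripped,
    and whether a file with that original name already exists in the same
    directory (restoring over it would overwrite data).
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        present = set(filenames)
        for name in filenames:
            if not name.endswith(marker) or name == marker:
                continue
            original = name[: -len(marker)]
            path = os.path.join(dirpath, name)
            findings.append({
                "locked": path,
                "original_name": original,
                "original_ext": os.path.splitext(original)[1].lower() or "(none)",
                "name_collision": original in present,
                "size": os.path.getsize(path),
            })
    return findings

def summarize(findings):
    """Count affected files per original extension to scope the incident."""
    return Counter(f["original_ext"] for f in findings)

def build_sample_tree(root):
    """Constructed sample data: a few small files, some carrying the marker."""
    os.makedirs(os.path.join(root, "docs"), exist_ok=True)
    for rel in ("docs/report.docx" + MARKER, "docs/invoice.pdf" + MARKER,
                "docs/invoice.pdf", "docs/notes.txt", "photo.jpg" + MARKER):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"constructed sample bytes")
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory_locked_files(build_sample_tree(tmp))
        for f in sorted(found, key=lambda f: f["locked"]):
            flag = "  [original name also present]" if f["name_collision"] else ""
            print(f["locked"], "->", f["original_name"] + flag)
        print(dict(summarize(found)))
```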
The DriedSister Ransomware's executable is a highly portable, small-sized Windows program. It has no significant defenses against any default threat-detecting heuristics, although malware researchers can't identify any live infection vectors for its campaign, if it has any. Trojans with similarly low levels of professionalism may circulate via file-sharing networks and websites offering free downloads of illicit content. Keep your anti-malware products active and fully patched so that they can delete the DriedSister Ransomware before it causes any encryption damage to your local media.
The DriedSister Ransomware may be no more than a gag program, or it may be the start of a threat whose sophistication could evolve over time. What's sure is that running unknown programs blindly is no way to keep your files secure from tampering by threat actors who don't care if you can get them back.