
3301 Ransomware

Posted: August 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 20
First Seen: August 7, 2017
OS(es) Affected: Windows

The 3301 Ransomware is a new member of the Karmen Ransomware family, a group of Trojans that threat actors rent out to third parties for enabling file-encrypting attacks. Besides the blocked files, the symptoms of a 3301 Ransomware infection can include changes to extensions, pop-ups, and messages that ask you to pay money for a decryptor. You can protect your PC from this threat by backing up your files to drives that aren't at risk, along with using anti-malware products to remove the 3301 Ransomware proactively.

Holding Files at Gunpoint on a Week-to-Week Basis

While the Karmen Ransomware branch of Hidden Tear has been quieter than some sub-families of Trojans, there are recent signs of activity from this threat, which is likely related to new con artist 'customers' renting it. As a Ransomware-as-a-Service family, the Karmen Ransomware is semi-configurable, and its victims may see variants of it with slightly different symptoms or new names like the 3301 Ransomware. The 3301 Ransomware's admins also have bothered to maintain a ransoming site for the threat, which supports multiple languages and a cryptocurrency-based ransoming method.

Malware experts can't confirm the 3301 Ransomware's means of circulation, although a typical attack might disguise the 3301 Ransomware's installer in an e-mail attachment, brute force a server's login credentials, or use corrupted website scripts for loading drive-by-download attacks. After launching, the 3301 Ransomware enciphers files such as pictures, spreadsheets, documents, and other formats of media according to a previously configured algorithm. Once finished, the Trojan announces its attack and redirects the victim to its ransom instructions via an included image.
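The symptoms described above (pictures, spreadsheets and documents rewritten as ciphertext, sometimes with a changed extension) can be spotted on disk before a ransom note appears. The following is an added example written for this page, not code from the original article or from any malware sample: it walks a directory tree and flags files whose header no longer matches what their extension claims, or whose content is near-random while the extension belongs to a normally uncompressed format. The magic-byte table, the entropy threshold of 7.5 bits per byte and the sample files are all constructed assumptions for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

# Constructed magic-byte table for a few common formats (assumption, not from the page).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}
# Formats that are legitimately high-entropy (compressed), so entropy alone is not a signal.
COMPRESSED = {".zip", ".docx", ".xlsx", ".jpg", ".png", ".gz", ".7z"}
# Shannon entropy above this (max is 8.0 bits/byte) is treated as "looks encrypted".
ENTROPY_THRESHOLD = 7.5
HEAD_BYTES = 65536  # only the first 64 KiB is examined per file


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty or constant input, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path) -> Optional[str]:
    """Return a reason string if `path` looks like it was overwritten with ciphertext, else None."""
    ext = path.suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(HEAD_BYTES)
    # 1. A known format whose header is gone: the body was replaced wholesale.
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return "header does not match extension"
    # 2. Near-random content in a format that should compress poorly (text, PDF, ...).
    if ext not in COMPRESSED and shannon_entropy(head) > ENTROPY_THRESHOLD:
        return "high entropy in an uncompressed file type"
    return None


def scan_tree(root: Path) -> Dict[str, str]:
    """Map relative path -> reason for every suspicious regular file under `root`."""
    findings: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reason = classify(path)
            if reason:
                findings[str(path.relative_to(root))] = reason
    return findings


def build_sample_tree(root: Path) -> None:
    """Write constructed sample files: three intact, two that mimic post-encryption damage."""
    (root / "photo.png").write_bytes(MAGIC[".png"] + b"\x00" * 2000)        # intact image
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n" + b"Hello world\n" * 100)  # intact PDF
    (root / "readme.txt").write_bytes(b"plain text " * 300)                   # intact text
    (root / "budget.xlsx").write_bytes(os.urandom(4096))  # spreadsheet body replaced by ciphertext
    (root / "notes.txt").write_bytes(os.urandom(4096))    # text file replaced by ciphertext


def demo() -> Dict[str, str]:
    """Build the constructed tree in a temp directory, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, why in demo().items():
        print(f"{rel}: {why}")
```

Two caveats are worth keeping in mind when running this over a real share: a compressed format that is missing from `MAGIC` (here `.gz` and `.7z`) can be overwritten without being flagged, and a Trojan that appends its own extension to every file, as this family's symptoms suggest, will defeat the per-extension checks, so a count of files with an unfamiliar suffix is a useful third signal.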

The 3301 Ransomware's ransoming message, which claims to help the user unlock their files, uses a previous template from the Karmen Ransomware, with minor edits. It offloads most of the ransom-payment details to the accompanying TOR website, which requires the victim to log in with the custom ID that the 3301 Ransomware generates. The victim can then choose to pay a configurable amount of Bitcoins, supposedly for downloading the 3301 Ransomware's decryptor and key. The threat actors also warn that ignoring the demand for a full week will cause the deletion of the key, potentially making your encrypted files irretrievable.

Wiping Out the Numbers You Don't Want to See on Your Files

Although the 3301 Ransomware does have some modest, graphical improvements to its ransoming components, its other features appear to have changed little or not at all from past versions of the Karmen Ransomware family. Its continuing support for multiple, diverse languages at different points in its extortion instructions implies that the threat actors may be delivering the 3301 Ransomware to the residents of more than one region, or are using infection vectors that don't discriminate geographically. Although the 3301 Ransomware does seem to still use AES-256, like its ancestor program, malware experts are unable to verify a public decryptor that would let victims unlock their files at no charge.

Anti-malware products already proven against Hidden Tear, in general, and the Karmen Ransomware, in particular, also have the best chances of detecting the 3301 Ransomware before it can lock any files. Since local backups remain vulnerable to attacks by threats of this type, malware experts recommend storing any backups of importance on detachable devices or cloud networks with secure logins. Waiting until after you observe symptoms, such as unusable files, to remove the 3301 Ransomware only guarantees that your local content will suffer from damage that's difficult or even impossible to roll back.

Ransomware-as-a-Service is a durable, albeit illicit, model of doing business that lets one Trojan get used under many names. The 3301 Ransomware isn't any less threatening to your files than its 'parent,' the Karmen Ransomware, and the fact that other threat actors may be responsible for circulating it helps make it even harder to predict.
