
3nCRY Ransomware

Posted: September 12, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 11
First Seen: September 13, 2017
OS(es) Affected: Windows

The 3nCRY Ransomware is a Trojan that may encrypt your files to keep them from opening while it extorts money from you. Such attacks are most likely to target media such as documents, spreadsheets, and pictures, and may affect recreational PC users as well as business, NGO and government networks. Having a backup located externally can reduce this threat's bargaining leverage, but you should delay restoring any data until after your anti-malware protection uninstalls the 3nCRY Ransomware.

A Dirty Deed Communicated in Many Tongues

The regular templates for the Ransomware-as-a-Service (RaaS) industry specialize in conducting attacks against particular targets, which determine the nature of the ransom payments and even the languages used for communicating. Some Trojans, nonetheless, are happy to swerve away from this labor-saving standard and, instead, include relatively generic payloads that could affect victims with wildly different characteristics, including recreational systems, government or business networks, or different nationalities. The result often looks like the 3nCRY Ransomware, a file-locking threat so new that its sample availability remains questionable.

The 3nCRY Ransomware conducts attacks using an encryption function with an algorithm that malware experts have yet to confirm, although AES is especially typical of threats of its kind. The encryption function scans for media that it can filter based on either the content's location or format (such as JPG, GIF, DOC, or XLS), and may include any network-accessible storage in that scan. When it locks a file by encoding it, the 3nCRY Ransomware also appends a '.3nCRY' extension to the end of the name.

The 3nCRY Ransomware completes its payload with a Notepad file that it can drop into the same directory as any blocked media or on the user's desktop. Most details in this text message are typical for file-locking Trojans' traditional business models, including a time limit on paying for the decryptor and asking only for Bitcoins. However, the 3nCRY Ransomware's threat actors aren't using one of the longer notes expected from families like the CryptMix Ransomware, and they include support for five languages simultaneously: Chinese, English, Portuguese, Spanish and Russian.

Keeping the Crying over Files to a Bare Minimum

While the 3nCRY Ransomware's ransom note is more convenient for its threat actors than using a range of custom-crafted ones, it also provides some hints as to the victims that the campaign is likely to compromise. PC users of the nationalities noted previously should be especially cautious about Web content that could introduce the 3nCRY Ransomware to their PCs, such as email attachments pretending to be invoices or website scripts concealing drive-by-download attacks. Scanning downloads with appropriate security software can detect threats of this type before their installation happens, and a secure backup can remove the 3nCRY Ransomware's chance of holding your media hostage.

This threat's campaign is in an early stage, and malware experts have yet to analyze the 3nCRY Ransomware's compatibility with free decryption solutions. All victims should avoid paying the ransom, if possible, since the con artists prefer using cryptocurrencies like Bitcoin to keep refunds from occurring when they don't provide any data-unlocking help. Blocking and deleting the 3nCRY Ransomware with default security solutions can avoid any risk of irreversible data encryption.

The 3nCRY Ransomware's name and symptoms may be a reference to the '.wcry File Extension' Ransomware family, but this family also sees numerous imitators. Users should be careful not to take recovery steps that make too many assumptions about the 3nCRY Ransomware's identity or encryption cipher, both of which still require further investigation.
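As an added example (not part of the original article or any vendor tool), the following read-only Python script inventories files carrying the '.3nCRY' extension described above, so a restore from backup can be scoped without touching the locked files or assuming anything about the cipher. The function name, the report layout and the "collision" flag are assumptions made for this illustration.

```python
import os
import sys
from collections import Counter

LOCKED_EXT = ".3ncry"  # extension reported in the article; matched case-insensitively


def inventory_locked(root):
    """Read-only walk of root listing files that carry the appended extension."""
    entries, by_format, errors = [], Counter(), []
    # onerror records unreadable directories instead of silently skipping them;
    # os.walk does not follow symlinks by default, so the scan stays under root.
    for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
        present = {f.lower() for f in files}
        for name in files:
            if not name.lower().endswith(LOCKED_EXT) or len(name) == len(LOCKED_EXT):
                continue  # not locked, or nothing left once the extension is removed
            original = name[: -len(LOCKED_EXT)]  # report.doc.3nCRY -> report.doc
            fmt = os.path.splitext(original)[1].lower() or "(none)"
            by_format[fmt] += 1
            entries.append({
                "locked": os.path.join(dirpath, name),
                "original_name": original,
                # a same-named file already sits beside the locked copy, so a
                # restore into this directory would overwrite it
                "collision": original.lower() in present,
            })
    return {
        "entries": entries,
        "by_format": dict(by_format),
        "dirs": sorted({os.path.dirname(e["locked"]) for e in entries}),
        "errors": [str(e) for e in errors],
    }


if __name__ == "__main__":
    report = inventory_locked(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(report['entries'])} locked files in {len(report['dirs'])} directories")
    for fmt, count in sorted(report["by_format"].items()):
        print(f"  {fmt}: {count}")
    for entry in report["entries"]:
        if entry["collision"]:
            print(f"  restore would overwrite: {entry['original_name']} ({entry['locked']})")
    for err in report["errors"]:
        print(f"  unreadable: {err}")
```

Run it against a mounted copy of the affected volume or a share path; the per-format counts show which of the targeted formats were hit, and the listed directories are the ones to compare against the backup.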
