
Al-Namrood Ransomware

Posted: September 30, 2016

Threat Metric

Ranking: 17,328
Threat Level: 10/10
Infected PCs: 1,265
First Seen: September 30, 2016
Last Seen: September 30, 2023
OS(es) Affected: Windows

The Al-Namrood Ransomware is a member of the Apocalypse Ransomware family, released after the earlier SecureCryptor Ransomware. All of these Trojans encrypt your data and display messages that lead into ransom negotiations for the decryptor that will restore the content. Adhering to thorough backup schedules and using anti-malware products to block or remove Al-Namrood Ransomware infections are the procedures malware experts most recommend against this campaign.

The Term 'Nimrod' Gets a New Meaning

Although North Americans most likely know the word 'nimrod' as an insult, the Arabic translation of that historical king's name has also become a banner for anti-religious music. Now, the group of threat authors responsible for the Apocalypse Ransomware has updated the threat campaign with that same theme. Despite its cultural implications, the Al-Namrood Ransomware is currently targeting English-speaking victims.

Malware researchers have confirmed Al-Namrood Ransomware attacks only against systems using remote desktop features, which may allow con artists to gain remote control over the PC via non-threatening software. Once they gain access, they install the Al-Namrood Ransomware, which encrypts various files and converts them into an unreadable format. Current samples of the Al-Namrood Ransomware add the 'unavailable' extension to the encrypted data and also create a text extortion message for each affected file.
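For scoping an incident and planning a restore from backup, the marker extension described above can be searched for directly. The following Python sketch is an added example, not code from the original article or from any vendor tool; it assumes the extension is appended as a `.unavailable` suffix after the original file name, and the sample tree it builds is constructed for illustration.

```python
import os
import tempfile
from collections import Counter

MARKER_EXT = ".unavailable"  # extension the article reports; dot-suffix form is an assumption

def triage(root):
    """Walk root and summarise files that carry the marker extension."""
    hits, per_dir, orig_types = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER_EXT):
                continue
            path = os.path.join(dirpath, name)
            original = name[:-len(MARKER_EXT)]  # name to look for in backups
            hits.append((os.path.getmtime(path), path, original))
            per_dir[dirpath] += 1
            ext = os.path.splitext(original)[1].lower() or "(none)"
            orig_types[ext] += 1
    hits.sort()  # oldest modification first
    return {
        "count": len(hits),
        # Earliest modified marker file approximates when encryption began,
        # which tells you which backup generation predates the attack.
        "first_hit": hits[0][1] if hits else None,
        "first_time": hits[0][0] if hits else None,
        "per_dir": dict(per_dir),
        "orig_types": dict(orig_types),
        "restore_names": sorted(h[2] for h in hits),
    }

def build_sample(root):
    """Create a small constructed tree with fixed modification times."""
    sample = [
        ("docs", "budget.xlsx.unavailable", 1000),
        ("docs", "notes.txt", 900),               # untouched file
        ("pics", "cat.jpg.unavailable", 1005),
        ("docs", "plan.docx.UNAVAILABLE", 1010),  # case variant still matches
    ]
    for sub, name, mtime in sample:
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        path = os.path.join(root, sub, name)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp)))
```

Run it read-only against a mounted copy of the affected volume rather than the live system, so that the modification times used for the timeline are not disturbed.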

The Al-Namrood Ransomware's note threatens the victim with a vague time limit of a 'few days' to pay its ransom before the con artist deletes the decryption key. Each message also includes a custom ID number, required for the decryptor. Poor grammar in the note implies that its authors are using automated translation tools from other languages, which also indicates the potential for the Trojan's distribution in other regions of the world.

Getting the Metal out of Your Files

The computer security industry has published one functional decryptor for the Al-Namrood Ransomware, although the Trojan's victims are reporting mixed results. PC users could take the chance of decrypting single copies of valuable data either by paying con artists or by using the freeware decryptor. However, they could also follow the recommendations of malware researchers by keeping spare copies in backup locations, such as any cloud service.

The Al-Namrood Ransomware campaign has close connections to weak network security practices, such as simple passwords and disabled firewalls. Using complex, routinely changed passwords and other network security steps can stop a con artist from gaining remote access to your PC. Systems using RDP features are especially high-priority targets for the Al-Namrood Ransomware, the Cerber Ransomware and similar Trojans.

Even though anti-malware tools can delete the Al-Namrood Ransomware, reversing the encryption is sometimes impossible. PC owners uninterested in being the new nimrods in this campaign should watch their network security settings for vulnerabilities that con artists could exploit.
