
Anatel Ransomware

Posted: July 22, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 96
First Seen: July 22, 2016
OS(es) Affected: Windows

The Anatel Ransomware is a Trojan that encrypts your files, such as documents and movies, and holds them hostage until its administrators transfer the decryption password to you. Most con artists use these attacks to bargain for ransom payments through an untraceable cryptocurrency, with malware analysts rating Brazilian residents as being especially at risk from the Anatel Ransomware campaign. Standard recovery tactics for this threat include removing the Anatel Ransomware, like any threatening software, with appropriate anti-malware tools, followed by restoring your encrypted content from an undamaged backup.

Conducting Telecommunications with a Trojan

The disguises that Trojan delivery methods and attacks use may provide various clues about their developers and overall campaign strategy. Nowhere is this more evident than with the Anatel Ransomware, a file encryption Trojan that malware experts see conducting ransom attempts in Portuguese while impersonating a Brazil-specific agency. The Anatel Ransomware most likely uses the same e-mail attachment-based installation methods made famous by previous file encryptors, with the added disguise of pretending to be a notification from Anatel (Brazil's independent, government-endorsed telecommunications manager).

Apart from its Telecommunications Agency theme, the Anatel Ransomware behaves similarly to most other file encryption-based threats. The Anatel Ransomware identifies files according to their extensions, such as AVI, TXT, WAV or ZIP, and modifies their internal data through a combination of the asymmetric RSA algorithm and AES. The insertion of a '.lok' extension onto each name also helps the victim detect these changes and determine what content is now unusable.
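For recovery planning, the '.lok' marker described above can be used to inventory what needs restoring from backup. The following is an added example, not code from this article or from any security vendor; it assumes the marker is appended after the complete original file name, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".lok"  # marker extension named in the article


def find_locked_files(root):
    """Yield (locked_path, original_name) for every file under root ending in .lok."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip a file that is literally named ".lok" (no original name to recover).
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                yield Path(dirpath) / name, name[: -len(LOCKED_SUFFIX)]


def summarize(root):
    """Return (restore_list, counts_by_original_extension) for a directory tree."""
    restore, by_type = [], Counter()
    for locked, original in find_locked_files(root):
        ext = Path(original).suffix.lower() or "(none)"
        by_type[ext] += 1
        # A surviving plaintext sibling means this item may not need restoring.
        intact = (locked.parent / original).exists()
        restore.append({"locked": str(locked), "original": original,
                        "intact_copy": intact})
    return restore, by_type


def build_sample_tree(root):
    """Create a small constructed tree that mimics the naming pattern (empty files)."""
    names = ["docs/report.txt.lok", "docs/notes.txt", "media/clip.AVI.lok",
             "media/song.wav.lok", "media/song.wav", "media/.lok"]
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return summarize(tmp)


if __name__ == "__main__":
    restore, by_type = demo()
    for item in restore:
        print(item["original"], "(intact copy present)" if item["intact_copy"] else "")
    print(dict(by_type))
```

Run `summarize()` against a read-only copy or mounted image of the affected volume so the inventory does not alter timestamps on the original evidence.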

The Anatel Ransomware's ransom note redirects the victim to e-mail communications without specifying its ransom, a tactic that malware researchers also see in previous Trojan campaigns. Most con artists will demand a variable Bitcoin sum starting from a minimum of several hundred dollars in USD value before delivering any decryption help. Another notable facet of the Anatel Ransomware's message is a passing reference to the hacker-activist group Anonymous, which could frighten victims into rushing to pay.

Stopping Fake Agencies from Locking Your Personal Business

Despite all the trappings of its messages and installer choices, the Anatel Ransomware is not a product of Brazil's actual Anatel agency. Malware analysts also see no significant connections between its developer team and the Anonymous hacktivists. For Brazilian PC owners, scanning potentially corrupted attachments can let their security software detect many of the most common Trojan droppers, including those that may carry the Anatel Ransomware.

Symptoms of the Anatel Ransomware include a few, scant Registry changes and a high-visibility ransom message, which the Anatel Ransomware loads automatically in a plain text format. Casual PC users should refrain from modifying the Registry carelessly, which can prevent essential components of their operating system from loading themselves. Use anti-malware suites and other, dedicated security products for scanning your PC and removing the Anatel Ransomware.

The PC security sector has yet to develop any free decryptors for the Anatel Ransomware's relatively new campaign. Until such a time comes to pass, you can protect your data from encryption-based hostage crises by keeping copies on a safe backup. For their part, malware analysts continue maintaining an interest in the Anatel Ransomware as a potential indicator of a shift in Brazil-based threat campaigns from banking Trojans to alternative means of soliciting revenue.
