
AnDROid Ransomware

Posted: March 30, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 89
First Seen: March 30, 2017
OS(es) Affected: Windows

The AnDROid Ransomware is a Trojan that encrypts your files with AES and then locks the screen with a ransom message that pushes victims into negotiating with its threat actor. PC users can recover their files through several free methods described in this article. Prevention should still come first: anti-malware products that identify and remove the AnDROid Ransomware before it runs prevent any file damage at all.

Seeing Your Files in the Grip of an Android

Malicious encryption is notorious for being easy to turn into an effectively irreversible form of file damage, where one mistake becomes permanent data loss. The new AnDROid Ransomware preys on victims who assume the worst, but its code does not back up its warnings with the safeguards that malware analysts expect of such threats. Possibly because it reuses code from the earlier 'Stupid' Ransomware family, the AnDROid Ransomware handles its encryption key insecurely, and researchers in the anti-malware sector broke it almost immediately.

Despite what its name suggests, the AnDROid Ransomware targets Windows environments, not Android devices. After infecting the PC through a vector that malware analysts have yet to confirm, the AnDROid Ransomware scans for files and encrypts them with an AES algorithm. Locked content is recognizable by the '.android' extension appended to each filename.

The AnDROid Ransomware also locks users out of their desktops with a ransom-note pop-up featuring an animated skull. Unusually, the note asks the victim to contact the threat actor through a Facebook profile link, where the ransom negotiation is meant to take place. Unbeknownst to the victim, the AnDROid Ransomware's file-locking routine has significant weaknesses; its author most likely assumes that the screen lock will keep targets from investigating their recovery options any further.

Kicking a Social Networking Skull to the Wayside

Trojans that rely on code built by others inherit both its strengths and its structural weaknesses, and the AnDROid Ransomware falls firmly into the latter category: independent researchers confirmed that victims can unlock their desktops and decrypt their files by entering the hard-coded key '62698b8ff9e416d9a7ac0fb3bd548b96' into the message box's input field. For victims who have disinfected their PCs without recovering all of their encrypted media, the security sector has also updated the free Stupid Ransomware decryptor to cover this variant. Keep a copy of the encrypted files before running any decryptor, so a failed first attempt costs nothing. In either case, paying the ransom or honoring any other demands from the con artists is unnecessary for recovering your files.
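Why a hard-coded key is fatal for a file locker is easiest to see in code. The following Go program is an added example written for this article, not code from the AnDROid Ransomware, the Stupid Ransomware decryptor, or any other project. It models the weakness described above: a fixed key sits in the binary as a text string, so anyone with a sample can pull out every 32-hex-digit token and test each one against a locked file, accepting the candidate whose output unpads cleanly and starts with a known file signature. The details it assumes are not confirmed by the article: that the key is stored as ASCII hex, that it is used as a raw AES-128 key in CBC mode with PKCS#7 padding, and that the IV is prepended to each encrypted file. The binary fragment and the "victim" PNG file are constructed inline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

// HardcodedKey is the key quoted in the article. ASSUMPTION for this model: it is
// embedded as an ASCII hex string and used, decoded, as a raw AES-128-CBC key
// with the IV stored in the first 16 bytes of each locked file.
const HardcodedKey = "62698b8ff9e416d9a7ac0fb3bd548b96"

// Constructed stand-in for a sample's data section: unrelated strings plus the key.
var sampleBinary = []byte("MZ\x90\x00\x03\x00contact me on facebook\x00" +
	HardcodedKey + "\x00.android\x00skull.gif\x00")

// Constructed victim file: a PNG signature followed by filler bytes.
var victimFile = append([]byte("\x89PNG\r\n\x1a\n"), bytes.Repeat([]byte{0x42}, 40)...)

// knownMagic lists header bytes a correct decryption should reveal.
var knownMagic = map[string][]byte{
	"png":  []byte("\x89PNG\r\n\x1a\n"),
	"pdf":  []byte("%PDF"),
	"zip":  []byte("PK\x03\x04"),
	"jpeg": {0xff, 0xd8, 0xff},
}

// A 32-hex-digit token bounded by non-hex bytes (or the blob's edges).
var hexKeyRE = regexp.MustCompile(`(?:^|[^0-9A-Fa-f])([0-9A-Fa-f]{32})(?:[^0-9A-Fa-f]|$)`)

// FindHexKeyCandidates returns every 32-hex-digit token in a binary blob, the
// simplest triage when an author has hard-coded a 128-bit key as text.
func FindHexKeyCandidates(blob []byte) []string {
	var out []string
	for _, m := range hexKeyRE.FindAllSubmatch(blob, -1) {
		out = append(out, string(m[1]))
	}
	return out
}

// EncryptCBC models the assumed locking scheme (AES-128-CBC, PKCS#7, IV prepended).
// It exists only to build the constructed sample.
func EncryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return append(append([]byte{}, iv...), out...), nil
}

// DecryptCBC reverses EncryptCBC and rejects output whose padding is invalid.
func DecryptCBC(key, data []byte) ([]byte, error) {
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length not a multiple of the block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, body := data[:aes.BlockSize], data[aes.BlockSize:]
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	pad := int(out[len(out)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(out[len(out)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("bad padding: wrong key")
	}
	return out[:len(out)-pad], nil
}

// RecoverWithHardcodedKey tries each candidate key from the binary against the
// locked file and accepts the first whose output both unpads cleanly and starts
// with a known signature, which separates a real key from a lucky padding match.
func RecoverWithHardcodedKey(binary, locked []byte) (plaintext []byte, key, kind string, err error) {
	for _, cand := range FindHexKeyCandidates(binary) {
		raw, err := hex.DecodeString(cand)
		if err != nil {
			continue
		}
		pt, err := DecryptCBC(raw, locked)
		if err != nil {
			continue
		}
		for kind, magic := range knownMagic {
			if bytes.HasPrefix(pt, magic) {
				return pt, cand, kind, nil
			}
		}
	}
	return nil, "", "", errors.New("no candidate key produced a recognisable file")
}

// LockedSample returns the constructed ".android" file: victimFile encrypted under the key.
func LockedSample() []byte {
	raw, _ := hex.DecodeString(HardcodedKey)
	iv := bytes.Repeat([]byte{0x11}, aes.BlockSize) // fixed IV is fine for a constructed sample
	enc, err := EncryptCBC(raw, iv, victimFile)
	if err != nil {
		panic(err)
	}
	return enc
}

func main() {
	pt, key, kind, err := RecoverWithHardcodedKey(sampleBinary, LockedSample())
	if err != nil {
		fmt.Println("recovery failed:", err)
		return
	}
	fmt.Printf("key %s recovered a %s file of %d bytes (matches original: %v)\n",
		key, kind, len(pt), bytes.Equal(pt, victimFile))
}
```

The magic-byte check matters more than it looks: a wrong 128-bit key produces valid PKCS#7 padding about one time in 256, so a decryptor that trusts padding alone would occasionally write garbage over a victim's only copy. Checking the decrypted header against a known format, and working on copies, is the difference between a recovery tool and a second round of damage.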

Current samples of the AnDROid Ransomware reveal little about their distribution, although malware experts have seen no trace of the Trojan before late March. Con artists may bundle the AnDROid Ransomware with another download spread through torrents, install it automatically through an Exploit Kit, or hide it in spam e-mail attachments. Security products' threat databases are only beginning to identify this Trojan, so keep your anti-malware programs updated to help them detect and delete the AnDROid Ransomware accurately.

Splashing an intimidating warning across your screen to keep you from researching your recovery options is a commonplace social engineering tactic. Stopping to think before taking a step like paying con artists for your files is never unwise, especially with threats like the AnDROid Ransomware, whose claims so often turn out to be hollow.
