Angela Merkel Ransomware
Posted: November 15, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 42 |
| First Seen: | November 15, 2016 |
| OS(es) Affected: | Windows |
The Angela Merkel Ransomware is a new member of the Exotic Squad Ransomware family. Like all branches of that family, the Trojan encrypts your files with an algorithm intended to keep them unusable until you pay its ransom. The Angela Merkel Ransomware has the potential to damage other software and data permanently, and using anti-malware protection to delete the Angela Merkel Ransomware during its installation is highly encouraged.
When Politics Comes into Your Computer
Many of 2016's file-encrypting Trojans have taken turns for the whimsical, with brands and themes suggestive of everything from hacktivist movements to popular television shows. Arguably, it was inevitable that a new Trojan with encryption for its payload would take up a political theme, as malware experts find while examining the Angela Merkel Ransomware. Although it doesn't appear to be an 'official' update of that family, the Angela Merkel Ransomware's code is nearly identical to that of the Exotic Squad Ransomware.
The Angela Merkel Ransomware targets files in specific locations, most often including the sub-directories within the Windows Users folder. Then, the Trojan encodes all data saved there with an encryption cipher, such as AES-128, making the files unintelligible to all associated applications. Program files, such as EXE executables, are not necessarily exempt, which means that the Angela Merkel Ransomware could block other applications, requiring their re-installation.
The theme of the Angela Merkel Ransomware's ransom campaign to sell a data decryptor back to its victims uses imagery of the controversial politician, Angela Merkel, along with a partially multilingual message targeting both German and English speakers. Malware experts also saw the Angela Merkel Ransomware demanding massive extortion sums of over one thousand USD, meaning that the Trojan's campaign is most likely targeting major businesses or even government systems.
Casting Your Vote Against the Angela Merkel Ransomware
Fortunately, malware experts were able to confirm at least one of the Angela Merkel Ransomware's installation exploits: fake Chrome updates. These hoaxes are in a particularly close association with the drive-by-download attacks that exploit kits enact by scanning your Web browser for passive vulnerabilities. Simple defenses against an EK include keeping your browser patched, disabling in-browser scripted content, and having browser-monitoring protection.
In the future, free decryption of content already encoded by the Angela Merkel Ransomware may be possible. Previous Trojans from the same family use the '.exotic' extension, but the Angela Merkel Ransomware appends '.angelamerkel' as a thematic alternative. Since this Trojan's decryption possibilities are unclear, you should consider protecting your files with backups while relying on anti-malware protection for removing the Angela Merkel Ransomware proactively.
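The two extensions named above can drive a quick damage inventory before restoring from backup. The following Python sketch is an added example, not code from the original article or from any vendor tool: it walks a directory tree, finds files ending in '.angelamerkel' or '.exotic', and reports which of them have a clean copy at the same relative path in a backup. It assumes the marker is appended to the full original filename (for example `report.docx.angelamerkel`) and that the backup mirrors the live folder layout; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions named in the article: this variant and earlier Exotic Squad builds.
MARKER_EXTENSIONS = {".angelamerkel", ".exotic"}


def find_marked_files(root):
    """Return (relative_path, original_relative_path) for each marked file under root."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            # Assumption: the marker is appended, so the stem is the original name.
            if stem and ext.lower() in MARKER_EXTENSIONS:
                rel = (Path(dirpath) / name).relative_to(root)
                hits.append((rel, rel.with_name(stem)))
    return sorted(hits)


def triage(root, backup_root):
    """Count marked files per original type and split them by backup coverage."""
    hits = find_marked_files(root)
    by_type = Counter(orig.suffix.lower() or "(none)" for _, orig in hits)
    covered = [orig for _, orig in hits if (Path(backup_root) / orig).is_file()]
    missing = [orig for _, orig in hits if not (Path(backup_root) / orig).is_file()]
    return {"total": len(hits), "by_type": dict(by_type),
            "covered": covered, "missing": missing}


def constructed_demo():
    """Build a small constructed tree (empty files only) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "Users"), Path(tmp, "Backup")
        for rel in ("alice/Documents/report.docx.angelamerkel",
                    "alice/Pictures/trip.jpg.ANGELAMERKEL",
                    "bob/Desktop/tool.exe.exotic",
                    "bob/Desktop/notes.txt"):
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).touch()
        (backup / "alice/Documents").mkdir(parents=True)
        (backup / "alice/Documents/report.docx").touch()
        return triage(live, backup)


if __name__ == "__main__":
    print(constructed_demo())
```

The `missing` list is the set of files with no clean copy to restore, and an `.exe` entry in `by_type` points to an application that may need re-installation.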
The Angela Merkel Ransomware's campaign tilts itself towards PC owners within the European Union, but, no matter where you live, ignoring backups of important work is as good as casting a vote for a con artist's profits.