
AnonFive Ransomware

Posted: March 22, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 53
First Seen: March 27, 2017
OS(es) Affected: Windows

The AnonFive Ransomware is a new version of Hidden Tear: a Trojan made as a demonstration of threatening file-encrypting programming. This version of the threat has been updated to deliver custom ransoming notes to its victims, who have the choice of paying and hoping that they receive a decryptor or resigning their files to being unreadable. Backups and free decryptors are helpful for undoing this threat's attacks, although you should always delete the AnonFive Ransomware before it can infect your computer.

An Example of Future Dangers to Come

A new threat actor going by the alias of 'Cyryx' seems to be gearing up an independent file-ransoming campaign. Since current versions of his Trojan, the AnonFive Ransomware, connect to a dummy Web address, it's unlikely that attacks are underway as of this article's publication date. However, the threat industry moves rapidly, and malware experts estimate that the AnonFive Ransomware could be ready for deployment against live targets at any time.

The AnonFive Ransomware is another version of Hidden Tear, the Turkish researcher Utku Sen's 'example' of a file-encryption Trojan, which became popular as a baseline for developing real ones quickly. The Trojan includes all of the main features of that project, including network connectivity to a potential Command & Control server. However, the AnonFive Ransomware currently uses a test URL that isn't under the threat actor's control, meaning that further updates are expected before the campaign launches.

The AnonFive Ransomware (and other variants of Hidden Tear) uses an AES-based encryption method for locking your local files, such as images, documents, archives or spreadsheets. The '.anonfive' extension at the end of each filename helps victims determine what content is under encryption. Meanwhile, the AnonFive Ransomware also creates a Notepad message on the desktop that includes the threat actor's ransoming instructions. Malware experts particularly recommend against making the Bitcoin-based payments that Trojans like the AnonFive Ransomware demand, since these payments carry no protection against the possibility of the recipient refusing to provide the 'purchased' services.

The Shocking Simplicity of Hidden Solutions to the Hidden Tear Attacks

The efforts of various security researchers have paid off in the development of free decryption applications for counteracting the Hidden Tear family. However, this family is numerous and often passes through the hands of different teams of threat actors, and no decryption-based solution can ever be guaranteed without reservations. To compensate for possible updates that may make the AnonFive Ransomware's encryption more secure than that of its relatives, malware experts suggest that you use backups for all of your most valuable files. Although Windows does keep default backup data, Hidden Tear-based threats like the AnonFive Ransomware also include a default deletion feature targeting these copies.
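The following triage script is an added example, not part of the original article or of any vendor tool: it inventories files carrying the '.anonfive' extension described above and reports which of them have a usable copy in a separate backup location. It assumes the extension is appended to the full original filename and that the backup mirrors the scanned folder's layout; the function names and sample files are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

MARKER = ".anonfive"  # extension the article says is appended to locked files

def triage(scan_root, backup_root):
    """Split locked files into those with a usable backup copy and those without.

    Assumption: the marker is appended to the full original name
    (report.docx -> report.docx.anonfive) and backups mirror scan_root.
    """
    scan_root, backup_root = Path(scan_root), Path(backup_root)
    with_backup, without_backup = [], []
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
                continue  # not a locked file, or nothing left once the marker is stripped
            rel = (Path(dirpath) / name[:-len(MARKER)]).relative_to(scan_root)
            copy = backup_root / rel
            # Count a backup only if it is a regular, non-empty file.
            if copy.is_file() and copy.stat().st_size > 0:
                with_backup.append(rel.as_posix())
            else:
                without_backup.append(rel.as_posix())
    return sorted(with_backup), sorted(without_backup)

def demo():
    """Run triage over a constructed sample tree (no real malware involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, backup = Path(tmp, "docs"), Path(tmp, "backup")
        (docs / "tax").mkdir(parents=True)
        (backup / "tax").mkdir(parents=True)
        for locked in ("photo.jpg.anonfive", "tax/2016.xlsx.ANONFIVE", "notes.txt.anonfive"):
            (docs / locked).write_bytes(b"\x00constructed ciphertext")
        (docs / "untouched.pdf").write_bytes(b"%PDF constructed")
        (backup / "photo.jpg").write_bytes(b"constructed original")
        (backup / "tax" / "2016.xlsx").write_bytes(b"constructed original")
        (backup / "notes.txt").write_bytes(b"")  # empty backup: not usable
        return triage(docs, backup)

if __name__ == "__main__":
    ok, missing = demo()
    print("restorable from backup:", ok)
    print("no usable backup:", missing)
```

Files in the second list are the ones that would depend on a free decryptor, so they are the first candidates for adding to a backup plan.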

The highly prolific and diverse nature of Hidden Tear Trojans makes estimating their distribution methods an exercise with new developments daily. Con artists may introduce the AnonFive Ransomware to a system after compromising its login credentials, by disguising the AnonFive Ransomware in an e-mail attachment, or by forcing its download via an exploit kit hosted on a Web page. The AnonFive Ransomware also uses a small and highly transportable executable that is easily concealed as another type of file, although many anti-malware products have high success rates at removing the AnonFive Ransomware.

Only Windows-compatible PCs are at risk from the AnonFive Ransomware. For those who are in this large subset of users, a daily backup can be more than just a chore; it can also be the only thing keeping your work from being a source of undeserved revenue.
