Atchbo Ransomware
Posted: October 11, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 23 |
| First Seen: | October 11, 2017 |
| OS(es) Affected: | Windows |
The Atchbo Ransomware is a file-locking Trojan that can block pictures, documents, and other media by encrypting them. This Trojan also delivers ransom notes that bluff about being able to delete content, to dissuade users from uninstalling it. Users should block or remove the Atchbo Ransomware with anti-malware products to protect their files, and keep backups to minimize any chance of data loss.
Trojans Updating Their Ransoming Repositories
The relative scarcity of entirely independent, file-locking threats like the Exolock Ransomware may make victims less likely to encounter them, but doesn't weaken these Trojans' potentially damaging attacks. Now, behind-the-scenes changes to this Trojan's ransoming infrastructure are causing a new build to be distributed in its place: the Atchbo Ransomware. The Atchbo Ransomware variant locks files by encrypting them in the same way, and the only change to its ransom demands that malware analysts can verify is its new Bitcoin wallet.
The Atchbo Ransomware uses a Rijndael or AES-based algorithm for encrypting and blocking different file types, which it does without displaying any program window that would alert the user. Formats that malware analysts regularly find under attack by these payloads include Adobe's PDF, Word's DOC, Excel's XLS, and images like BMP or JPG. The Atchbo Ransomware also uses a minor variation of the previous extension (changing from 'exolocked' to 'exo'), which it inserts into the names of all the content that it locks.
The Trojan does show more visible UI elements after completing its data-locking attack: Notepad messages that it places on the Windows desktop, and an interactive pop-up with a hyperlink to a Bitcoin provider and its threat actor's wallet. The wallet address differs from the one the Exolock Ransomware used, although the Atchbo Ransomware's messages have no other changes and still claim that the Trojan will erase your files if you try to close it or reboot.
Keeping Ahead of New Releases of Old Trojans
Despite being the second major release of the Exolock Ransomware, the Atchbo Ransomware has no real changes to its essential data-enciphering attacks or its extortion methodology. Even though the Bitcoin price of the con artists' decryptor is lower than usual for threats of this category, malware analysts still discourage paying as long as any other recovery options are untested. Free decryption utilities may provide a no-cost means of unlocking your files, and scheduling secure backups can keep your media from being held hostage at all.
The Atchbo Ransomware's installers use ZIP-based compression to conceal themselves and may circulate through torrents, corrupted websites or email attachments. The Trojan is a Windows-centric threat and is incompatible with other operating systems, but malware experts do see Trojans with similar payloads for Apple and Linux-based PCs. A majority of anti-malware brands can detect and eliminate the Atchbo Ransomware's current release, although most companies identify it heuristically (as a generic threat).
The Atchbo Ransomware's persistent warning that acting in your best interest will cause more harm to your PC is a common abuse of social engineering techniques. The con artists have every reason to lie about what their Trojans can do, especially with ones like the Atchbo Ransomware, which put at least as much time into the appearance of danger as they do into the reality of it.
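For responders scoping an incident, the following added example (not code from this page or from any vendor) inventories files carrying the 'exo' or 'exolocked' marker described above and checks which of them still have a copy in a backup location. It assumes the marker is appended as the final extension; the `data_root` and `backup_root` parameters and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Extensions the page attributes to this family (Exolock, then Atchbo).
# Assumption: the marker is appended as the final extension of the file name.
LOCKED_EXTS = (".exolocked", ".exo")

def original_name(name):
    """Return the pre-encryption file name, or None if the name is not marked."""
    lower = name.lower()
    for ext in LOCKED_EXTS:
        if lower.endswith(ext) and len(name) > len(ext):
            return name[: -len(ext)]
    return None

def inventory(data_root, backup_root):
    """Walk data_root and report every marked file with its backup status."""
    report = []
    for dirpath, _dirs, files in os.walk(data_root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            rel = os.path.relpath(os.path.join(dirpath, orig), data_root)
            fmt = os.path.splitext(orig)[1].lower() or "(none)"
            has_backup = os.path.isfile(os.path.join(backup_root, rel))
            report.append({"locked": os.path.join(dirpath, name), "original": rel,
                           "format": fmt, "in_backup": has_backup})
    return sorted(report, key=lambda r: r["original"])

def summarize(report):
    """Count marked files per original format; list those with no backup copy."""
    by_format = Counter(r["format"] for r in report)
    missing = [r["original"] for r in report if not r["in_backup"]]
    return dict(by_format), missing

def demo():
    """Build a constructed sample tree (not real victim data) and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = os.path.join(tmp, "data"), os.path.join(tmp, "backup")
        for path in ("data/docs/report.pdf.exo", "data/pics/cat.jpg.exolocked",
                     "data/docs/notes.txt", "backup/docs/report.pdf"):
            full = os.path.join(tmp, *path.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
        return summarize(inventory(data, backup))

if __name__ == "__main__":
    print(demo())
```

Files listed as missing from the backup are the ones that depend on a free decryption utility or another recovery option.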