ATLAS Ransomware

Posted: April 20, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 17
First Seen: April 20, 2017
OS(es) Affected: Windows

The ATLAS Ransomware is a minor variant of the file-encrypting CHIP Ransomware, which locks files, such as documents, by enciphering them. Symptoms for identifying an ATLAS Ransomware infection include various changes to the names of all encrypted media, as well as the presence of text messages ransoming the decryptor. Decryption can be impossible for threats of this category, which is why detecting and removing the ATLAS Ransomware with anti-malware products before it scans your hard drive is the recommended solution.

Last Year's Trojans Throwing Their Chips Back into the Pot

Although file-encrypting Trojans often change their names, the code threat actors use in their attacks is somewhat less subject to frequent fluctuation. Old brands of threatening software may often see reuse almost in their entirety, as in the transition from 2016's CHIP Ransomware to 2017's ATLAS Ransomware. In both cases, the immediate risk is the possibility of losing data on your PC as the Trojan locks it with a secure, non-symmetrical encryption method.

In comparison to the older Trojan, most of the ATLAS Ransomware's changes are aesthetic, including different extensions on the files it holds hostage and an updated ransoming message. The Trojan encrypts content including Excel spreadsheets and Adobe PDF documents with a combination of the AES and RSA-512 algorithms, rendering them locked indefinitely. Identifying all affected files also may be difficult, due to the Trojan's overwriting the original names with semi-random hash strings. To determine what content is locked, malware experts recommend searching your drives for the '.ATLAS' extension at the end of each filename.
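The search recommended above can be scripted so that it also reports how much data is affected per folder. The following is an added example, not part of the original article: the function names and the sample directory tree are constructed for illustration, and it assumes that the modification time of each renamed file approximates when the Trojan wrote it, which helps in choosing a backup made before that point.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

LOCKED_EXT = ".atlas"  # extension named in the article; matched case-insensitively


def inventory_locked_files(root, ext=LOCKED_EXT):
    """Return (per_dir, window, errors) for files under root ending in ext.
    per_dir: directory -> [count, bytes]; window: (earliest, latest) mtime or
    None; errors: paths that could not be read."""
    per_dir = defaultdict(lambda: [0, 0])
    mtimes, errors = [], []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: errors.append(e.filename)):
        for name in files:
            if not name.lower().endswith(ext):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)  # do not chase symlinks
            except OSError:
                errors.append(path)
                continue
            per_dir[dirpath][0] += 1
            per_dir[dirpath][1] += st.st_size
            mtimes.append(st.st_mtime)
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return dict(per_dir), window, errors


def build_sample_tree():
    """Constructed sample data: three renamed files plus one untouched file."""
    root = tempfile.mkdtemp(prefix="atlas_demo_")
    os.makedirs(os.path.join(root, "docs", "reports"))
    for rel in ("docs/9f3ac1.ATLAS", "docs/reports/77be02.atlas", "docs/reports/c41d9e.ATLAS"):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, "docs", "notes.txt"), "w") as fh:
        fh.write("not encrypted")
    return root


if __name__ == "__main__":
    found, window, errs = inventory_locked_files(build_sample_tree())
    for d, (n, size) in sorted(found.items()):
        print(f"{n} files, {size} bytes: {d}")
    stamps = [datetime.fromtimestamp(t, timezone.utc).isoformat() for t in window or ()]
    print("mtime window (UTC):", stamps, "unreadable:", errs)
```

On a real system, pass the drive or profile folder to `inventory_locked_files` instead of the sample tree; the script only reads file metadata and changes nothing on disk.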

The ATLAS Ransomware also creates Notepad text files containing messages from its threat actors. The ransom notes provide minimal information other than discouraging the use of third-party decryptors and providing several e-mail addresses for negotiating purposes. Decryptors provided by con artists often fail to function as intended and, in some cases, may not even be made available after the cash transfer.

Weakening the Grip of the ATLAS Ransomware on Your Files

Threat actors maintaining the ATLAS Ransomware's development also have existing ties to the RIG Exploit Kit, particularly for deploying file-encrypting threats like this Trojan's immediate ancestor. Such attacks can take advantage of passive vulnerabilities in your Web-browsing software and install the ATLAS Ransomware automatically. Being cautious about which features you enable on suspicious websites and having an anti-malware product that includes unsafe-URL monitoring can block many of these attacks.

Notably, the encryption routine in use by the ATLAS Ransomware and the CHIP Ransomware is not at risk of being cracked by third-party researchers in the security sector. Always back your files up to secondary devices or cloud servers to reduce any potential the ATLAS Ransomware has for causing data loss that you can't recover from in full. Since the encryption function isn't instantaneous, there is also a window of time for anti-malware products to find and remove the ATLAS Ransomware safely.

The ATLAS Ransomware is an expected byproduct of an underground industry that profits from hiding its history and faking the sophistication behind its file-ransoming attacks. The security standards and products that are capable of protecting your hard drive from the CHIP Ransomware should remain functional here, keeping the question of paying ransoms out of consideration.
