Atom Ransomware
Posted: September 14, 2016
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 59 |
| First Seen: | September 14, 2016 |
| OS(es) Affected: | Windows |
The Atom Ransomware is an updated variant of the Shark Ransomware and includes most of that threat's features, such as encrypting your files and creating extortion messages. The Atom Ransomware's distribution model relies on third parties that may implement unpredictable install exploits, but blocking this threat can prevent your PC from suffering a potentially unrecoverable loss of data. Detecting this Trojan beforehand, or removing the Atom Ransomware after its installation, should always be delegated to your dedicated anti-malware utilities.
From Sea Life to Science, a Trojan Re-Branded
Even when a threat author chooses to load much of the responsibility for a campaign onto a series of affiliates, the business model of profiting from threatening software is often contentious. Many threat creators choose to adapt to issues in a campaign by re-branding their products while otherwise changing little about them, as malware experts see in the evolution of the Shark Ransomware to the Atom Ransomware. This new version of the Trojan analyzed last month uses a slightly more secure Web infrastructure than its recent ancestor, although the hosting remains WordPress-based.
Its creators sell the usage of the Atom Ransomware to other threat actors, who use the generator kit for creating custom executables. Configurable variables include the types of data the Atom Ransomware targets, the ransom to demand from a victim, and the Bitcoin address the Atom Ransomware's creators will, theoretically, use to transfer a fair percentage of the ransom money. The means of distributing and installing the Atom Ransomware is also left entirely up to the affiliate.
Like the Shark Ransomware, the Atom Ransomware uses an AES-based algorithm to lock your files through an encryption routine that encodes their internal data. The ransom message the Atom Ransomware generates for collecting its money and (potentially) helping victims buy into a working decryptor includes a countdown to facilitate rapid payments.
Splitting an Atom Ransomware without Cutting into Your Personal Funds
The Atom Ransomware's predecessor is mostly notable for taking the unusual step of reaching out to con artist affiliates through a blog-based domain, instead of the TOR sites that most threat authors prefer (due to their improved anonymity protection). Although the Atom Ransomware's authors have taken steps to enhance the privacy of their business, interested researchers can still glean some details of its operations from the Trojan's website. Sources verifiable by malware experts also indicate that the Atom Ransomware installations are on the rise as of the fourteenth of September.
Average PC users can protect themselves from the Atom Ransomware attacks by blocking the original installation attempt through the usual security programs, such as anti-malware scanners capable of analyzing their downloaded files. Backups can also give a victim a means of restoring content without any need to reverse (AKA decrypt) the Atom Ransomware's encryption attack. Free decryption tools are sometimes made available to the public, but the difficulty of decoding can vary dramatically between the different Trojan families.
Updates like the Atom Ransomware show vulnerability on the part of a Trojan's creators but also stress the need for due diligence on the part of PC owners. Outdated security software can have issues with removing the Atom Ransomware or other minor variants of old threats. Keep your software current so that your PC's security keeps pace with the updates of any threat campaigns.