
aZaZeL Ransomware

Posted: June 23, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 49
First Seen: June 23, 2017
Last Seen: May 14, 2020
OS(es) Affected: Windows

The aZaZeL Ransomware is a Trojan that locks your files so that it can force you to purchase its decryption application. Although such applications may or may not provide viable data recovery, malware experts recommend using more reliable and free alternatives, when possible, such as restoring from your latest backup. Most dedicated anti-malware products should be able to remove the aZaZeL Ransomware either after its attack or before it infects your computer.

Trojans Putting a Judaic Twist on Their Hostage Snatching

Late June is seeing the rise of another prospective campaign dealing out non-consensual extortion to try and profit from the content that it locks. This new threat, the aZaZeL Ransomware, has had no verifiable infections in the business sector or among other likely targets, although its encryption feature appears functional. Components of this Trojan also imply that its threat actors plan to deploy it as part of a relatively large campaign, possibly even via a botnet.

The Hebrew-themed aZaZeL Ransomware (whose name references the ancient ritual of scapegoating and most likely was chosen purely for intimidation purposes) uses an unidentified encryption method to lock different files on your PC. Traditionally, malware analysts see documents and other work-related media as especially likely to be encrypted, along with media such as pictures or compressed archives. As part of this feature, the aZaZeL Ransomware also flags the names of all illegible content with the '.Encrypted' extension, which it appends after the original one.

Although the aZaZeL Ransomware uses a similar extension string to other file-encrypting Trojans, victims also can identify it via the Notepad message it creates. This note is nearly identical to instructions previously in use with the Globe Ransomware family and requests payment in Bitcoins for unlocking your files. The low fee that its threat actors demand suggests that the aZaZeL Ransomware is not meant for compromising corporate targets, although small businesses and recreational PC users remain at possible risk.

Putting Trojans out to Pasture

Because the aZaZeL Ransomware is so early in its campaign development, how its threat actors plan to distribute it isn't verifiable, nor can malware experts confirm whether the Trojan is compatible with any free decryptors. Copying encrypted media before trying to restore it can prevent victims from causing any other, irreversible damage to their files. Because decryption availability always is a gamble, most users who need to defend their data from these attacks should invest in backups.

Threat actors use a range of methods for distributing Trojans with file-encrypting features, including website exploits, e-mail attachments, brute-forced passwords, and bundling the malicious software with free downloads. Most anti-malware products include features for isolating and preventing these attacks, although password management and download behavior always are up to the user to monitor. Because free decryption is uncertain, blocking the aZaZeL Ransomware with anti-malware protection, instead of removing the aZaZeL Ransomware infections afterward, always is the default recommendation of malware experts.

Whether or not the aZaZeL Ransomware's creator is another client of the Globe Ransomware's RaaS business model, new Trojans mean new infiltration methods and security risks. Neglecting to back up your files or to scan new downloads is just what threat actors like the aZaZeL Ransomware's author want from their future victims.
