Blooper Ransomware
Posted: June 1, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 76 |
| First Seen: | May 31, 2017 |
| OS(es) Affected: | Windows |
The Blooper Ransomware is a Trojan that imitates the attacks of the WannaCryptor Ransomware, which can block your files until you transfer its ransom. Unlike the Trojan it pretends to be, the Blooper Ransomware doesn't encrypt anything, and malware experts note that no exceptional recovery strategies should be necessary. Remove the Blooper Ransomware with the anti-malware software you trust most for identifying the more serious threats that may be assisting the Trojan's installation.
Trojans Announcing Themselves Loud and Falsely
For most Trojans that extort money through encryption-related warnings, keeping the data-encoding attack hidden is second only to a successful installation in importance. Recent samples of a new Trojan, the Blooper Ransomware, take the opposite approach: they tell the victim what is happening while the attack takes place, but deliberately describe it inaccurately. In either scenario, the last phase is collecting a ransom from a victim who pays in vain.
The Blooper Ransomware is a Windows-based application whose installation exploits are still being investigated; the most probable infection vectors are e-mail attachments, corrupted website scripts and freely downloadable bundles. When it launches, the Blooper Ransomware generates a window with a fake progress bar that claims that the program is encrypting your files. After cycling through a second pop-up, it eventually loads a ransom note similar to those of the WannaCryptor Ransomware (AKA '.wcry File Extension' Ransomware) family.
This last pop-up has many of the features one might expect from a file-encrypting Trojan, such as a decryption button, a field showing the threat actor's wallet address, a timer, a support button, and text demanding that you pay Bitcoins for decrypting your data. However, malware experts can confirm that the Blooper Ransomware is missing the most important feature of such threats: the actual, data-encoding attack.
Avoiding the Blooper of Paying for an Imaginary File Recovery
Anyone with even a surface-level understanding of how the threat industry operates should be suspicious of the Blooper Ransomware, which announces its supposed encryption routine instead of hiding it (such as by using a fake update screen, a la BlackSheep Ransomware). Since the Blooper Ransomware's attacks consist only of its misinforming pop-ups, users can close them without needing to buy or otherwise find a decryption utility for unlocking their files. Malware analysts see no other attacks occurring in current payloads for the Blooper Ransomware, making it a low-level threat.
Even though it's not as threatening to your PC as a real file-encrypting Trojan like EDA2, the Blooper Ransomware's presence may correspond with that of another threat with Trojan-downloading features. Use anti-malware programs to scan a compromised PC and uninstall the Blooper Ransomware; the scan also should determine whether or not other Trojans are on the system. In the case of any real damage to your files, such as from an upgraded version of the Blooper Ransomware, you should use free decryptors or backups to recover them without paying a ransom.
In some ways, the threat industry's nature is circular and feeds on itself. The growth of file-encrypting Trojan campaigns also correlates with the rise of Trojans like the Blooper Ransomware, pretending to be something they're not to get the same payout for even less work.
Technical Details
File System Modifications
The following files were created in the system:
file.exe
File name: file.exe
Size: 59.34 KB (59344 bytes)
MD5: 16ada51dc0a062f8608da8922b0fc9f8
Detection count: 17
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 31, 2017
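A triage check for the article's two claims, that nothing is actually encrypted and that the dropped file is `file.exe` with the MD5 listed above. This is an added example, not code from the original page or from SpyHunter; the signature table, the 7.5 bits/byte entropy threshold and the function names are assumptions chosen for illustration.

```python
import hashlib
import math
import os
from collections import Counter

# MD5 of file.exe as listed in this page's Technical Details.
BLOOPER_MD5 = "16ada51dc0a062f8608da8922b0fc9f8"
# Well-known leading bytes per extension (assumed set; extend for your file types).
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 reads as uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536) -> bool:
    """True if a known file type has lost its signature and reads as random."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".wcry":          # extension of the family the ransom note imitates
        return True
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(ext)
    if magic is None:
        return False            # unknown type: no signature to compare against
    return not head.startswith(magic) and entropy(head) > 7.5

def triage(root: str) -> dict:
    """Walk root; list files that look encrypted and files matching the page's MD5."""
    report = {"encrypted": [], "blooper_sample": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if looks_encrypted(path):
                    report["encrypted"].append(path)
                with open(path, "rb") as fh:
                    digest = hashlib.md5(fh.read()).hexdigest()
                if digest == BLOOPER_MD5:
                    report["blooper_sample"].append(path)
            except OSError:
                continue        # locked or unreadable file: skip, keep scanning
    return report
```

An empty `encrypted` list over the user's document folders is consistent with the fake-encryption behaviour described here; any entries mean the files should be restored from backup or a free decryptor rather than assumed intact.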