Blooper Ransomware

Posted: June 1, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 76
First Seen: May 31, 2017
OS(es) Affected: Windows

The Blooper Ransomware is a Trojan that imitates the attacks of the WannaCryptor Ransomware, which can block your files until you transfer its ransom. Unlike the Trojan it pretends to be, the Blooper Ransomware doesn't encrypt anything, and malware experts note that no exceptional recovery strategies should be necessary. Remove the Blooper Ransomware with the anti-malware software you trust most, which should also identify any more serious threats that may be assisting the Trojan's installation.

Trojans Announcing Themselves Loud and Falsely

For most Trojans that extort money via encryption-related warnings, keeping the data-encoding attack hidden is second in importance only to a stealthy, successful installation. Recent samples of a new Trojan, the Blooper Ransomware, use the opposite approach: they let the victim know what's happening while the attack takes place, but deliberately describe it inaccurately. In either scenario, the last phase is receiving ransoms from a victim who pays them in vain.

The Blooper Ransomware is a Windows-based application whose installation exploits are still being investigated, with the most probable infection vectors consisting of e-mail attachments, corrupted website scripts and freely downloadable bundles. When it launches, the Blooper Ransomware generates a window with a fake progress bar that claims that the program is encrypting your files. After cycling through a second pop-up, it eventually ends by loading a ransom note similar to those of the WannaCryptor Ransomware (AKA '.wcry File Extension' Ransomware) family.

This last pop-up has many of the features one might expect from a file-encrypting Trojan, such as a decryption button, a field showing the threat actor's wallet address, a timer, a support button, and text demanding that you pay Bitcoins for decrypting your data. However, malware experts can confirm that the Blooper Ransomware is missing the most important feature of such threats: the actual, data-encoding attack.

Avoiding the Blooper of Paying for an Imaginary File Recovery

Anyone with even a surface-level understanding of how the threat industry operates should be suspicious of the Blooper Ransomware, which announces its supposed encryption routine instead of hiding it (such as by using a fake update screen, a la BlackSheep Ransomware). Since the Blooper Ransomware's attacks consist only of its misinforming pop-ups, users can close them without needing to buy or otherwise find a decryption utility for unlocking their files. Malware analysts see no other attacks occurring in current payloads for the Blooper Ransomware, making it a low-level threat.

Even though it's not as threatening to your PC as a real file-encrypting Trojan like EDA2, the Blooper Ransomware's presence may correspond with that of another threat with Trojan-downloading features. Use anti-malware programs to scan a compromised PC and uninstall the Blooper Ransomware, which also should determine whether or not other Trojans are on the system. In the case of any real damage occurring, such as due to the Blooper Ransomware's upgrading, you should use free decryptors or backups to recover your files without a ransom.

In some ways, the threat industry's nature is circular and feeds on itself. The growth of file-encrypting Trojan campaigns also correlates with the rise of Trojans like the Blooper Ransomware, pretending to be something they're not to get the same payout for even less work.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 59.34 KB (59344 bytes)
MD5: 16ada51dc0a062f8608da8922b0fc9f8
Detection count: 17
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 31, 2017
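
A triage check built on the file record above, as an added example that is not code from the original page: it walks a directory tree and reports files whose size and MD5 both match the listed sample. The function names and the constructed stand-in data in `demo()` are assumptions; the hash identifies only this one sample, and the name `file.exe` is too generic to match on.

```python
import hashlib
import os
import tempfile

# Indicator values copied from the file record on this page.
BLOOPER_MD5 = "16ada51dc0a062f8608da8922b0fc9f8"
BLOOPER_SIZE = 59344  # bytes


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_sample(root, md5=BLOOPER_MD5, size=BLOOPER_SIZE):
    """Return paths under root matching size and MD5 (size is checked first,
    so only same-sized files are hashed)."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) != size:
                    continue
                if md5_of(path) == md5.lower():
                    hits.append(path)
            except OSError:
                continue  # locked or unreadable file; skip it
    return sorted(hits)


def demo():
    """Constructed test data: the real sample is not reproduced here."""
    with tempfile.TemporaryDirectory() as root:
        payload = b"constructed stand-in, not the real sample"
        decoy = b"X" * len(payload)  # same size, different content
        for name, data in (("file.exe", payload), ("decoy.exe", decoy)):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        target = hashlib.md5(payload).hexdigest()
        found = find_sample(root, md5=target, size=len(payload))
        return [os.path.basename(p) for p in found]


if __name__ == "__main__":
    print(demo())
```

To check a real system, call `find_sample()` with the root of a user profile or a mounted disk image; an empty list means only that this exact sample is absent.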
