BrainLag Ransomware
Posted: July 13, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 17 |
| First Seen: | July 13, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The BrainLag Ransomware is a Trojan that creates text-based ransom notes, hijacks your wallpaper, and locks your files by encrypting them. As a component of the Hidden Tear family, the BrainLag Ransomware may be compatible with freeware decryption solutions customized to that program, and malware researchers always recommend them over paying any con artist's ransom. Any anti-malware solution capable of identifying Hidden Tear's variants previously should be viable for deleting the BrainLag Ransomware equally before or after its file-locking attack.
A Look at Your Brain on Pixel Art Ransoms
The fad of 'retro' art in video gaming sometimes bleeds over into the threatening software sector, and even into variants of bedrock Trojan platforms like Hidden Tear. This group of file-blocking threats, which uses the AES encryption to barricade digital content until the victim pays, is being exploited by multiple, unrelated groups of threat actors. As a result, malware experts have yet to determine infection methods for the newest member, the BrainLag Ransomware, which not only locks your files but resets the Windows background for showing a gaming-inspired wallpaper.
The BrainLag Ransomware's administrator doesn't seem to have made any changes to the default encryption method, which uses the AES encoding for blocking different files, including documents, pictures, and Microsoft Office-affiliated media. The Trojan adds '.xdxdlol' extensions onto every file it enciphers, which is a tagline that malware experts haven't noted in other Hidden Tear variants. Although the encryption routine runs without any symptoms, afterward, the BrainLag Ransomware also hijacks the desktop wallpaper for displaying a pixel art image of the Grim Reaper, along with creating text messages.
The BrainLag Ransomware's text offers little information for the victim but does inform them of the encryption attack's occurrence. Since most con artists deploy file-encoding threats like the BrainLag Ransomware with accompanying Bitcoin or prepaid voucher-based ransom demands, malware analysts are assuming that the BrainLag Ransomware is in development. However, since its encryption is a derivative of Hidden Tear, its primary attack is fully operational and can block your files permanently.
The Benefits of Lagging on Extortion Payments
If the BrainLag Ransomware's author ever finishes developing this project, victims can anticipate receiving demands for payment to gain access to a possible decryption service. However, most versions of Hidden Tear are compatible with decryption software already available for free download. For threats with more secure encryption methods than that Trojan family, malware researchers also encourage maintaining backups on external devices or cloud services, either of which can prevent the BrainLag Ransomware from inflicting any irreversible encryption damage.
Infection methods vary between different groups of threat actors greatly, but Trojans of the BrainLag Ransomware's category often fall under one of the below themes:
- Forged e-mail messages may deliver corrupted attachments that they disguise as automatic notifications, including alerts from internal office equipment or delivery messages. When opened, these attachments can load exploits for installing the BrainLag Ransomware automatically.
- Website-based threats, such as the currently prominent RIG Exploit Kit, can scan for software vulnerabilities through an unprotected Web browser and initiate similar downloading attacks.
- Some threat actors prefer installing Trojans like the BrainLag Ransomware manually after they use another way to compromise your PC, including brute-force attacks or phishing for passwords.
Whether you block this threat's encryption attack or recover from an infection afterward, always use anti-malware products to remove the BrainLag Ransomware's removal and confirm the lack of other threats compromising your computer.
The BrainLag Ransomware's author may choose to let this Trojan remain incomplete or finish the work he's begun on creating a viable threat for deploying in a live environment. No matter what he does, however, Hidden Tear still is ripe grounds for coders with a vested interest in taking advantage of people who aren't protecting their files.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.