CA$HOUT Ransomware
Posted: June 13, 2017
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 91 |
| First Seen | June 13, 2017 |
| OS(es) Affected | Windows |
The CA$HOUT Ransomware is a Trojan that may damage your files with an encryption-based cipher to force you to pay its ransom. Symptoms can include pop-up ransoming messages, extension changes on various filenames, or the hijacking of your desktop's wallpaper. Users can protect their PCs by deleting the CA$HOUT Ransomware with automated anti-malware protection and recovering their files, if encrypted, from a backup.
Your Files for Your Cash, with Bugs In-Between
A new threat actor by the name of Johannes is working on an independent Trojan with the aim of locking and then ransoming files on random PCs. While this Trojan's development is incomplete, malware experts have seen some features of the CA$HOUT Ransomware's payload proving themselves functional and potentially threatening. Infections may not necessarily display any symptoms until the CA$HOUT Ransomware is done enciphering all of your documents and other media.
The CA$HOUT Ransomware is a Windows-based program with minimal protection from conventional detection methods, but it is often mistaken for a backdoor Trojan (a Trojan using network connections to give remote attackers control over the PC). Malware experts estimate that current versions of the CA$HOUT Ransomware are prototypes, due to hard-coded requirements for highly visible files in specific locations, such as the desktop, that would alert the user.
Ultimately, Johannes most likely will include data-encrypting attacks in the CA$HOUT Ransomware's payload that could block files such as pictures, documents, archives or spreadsheets. However, the only attack that malware experts can verify as working is the CA$HOUT Ransomware's pop-up window, which shows its interactive ransoming demands. The CA$HOUT Ransomware also gives the victim a limit of three days to pay before the threat actor deletes the essential key for decrypting and restoring your content.
Tripping Up a Trojan's Attempt to Cash out on You
Bugs from incomplete code could alert a victim to a CA$HOUT Ransomware infection through 'unhandled exception' errors and similar notifications. However, such warnings aren't likely to remain in a full-release build of the CA$HOUT Ransomware that its author distributes to the public in general or to targets like particular business servers. Having the foresight to back up your files and protect your PC with anti-malware protection can block the CA$HOUT Ransomware's damage or remove the Trojan when it tries to compromise the system.
Con artists often disguise file-encrypting Trojans by designing fake documents that use macros to install their threats. Other attacks can exploit generic script vulnerabilities to download threatening software via exploit kits that don't need your overt consent. Until the CA$HOUT Ransomware's campaign reaches a propagation stage, malware experts can suggest only disabling scripts and macros when they're not required, and using security products to scan any files warranting your distrust. Updating the databases of your anti-malware programs can also assist them with deleting the CA$HOUT Ransomware and similar newly produced threats of no known lineage.
The CA$HOUT Ransomware may lack the bloodline of a famous family like EDA2 or the Globe Ransomware, but fame doesn't correspond with the damage a Trojan can cause. Preemptive security routines and good Web-browsing behavior are, as always, essential to make sure that con artists don't make money off of what's yours.