Cardsome Ransomware
Posted: December 13, 2017
Threat Metric
The fields shown on the Threat Meter are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest severity and 1 the lowest. Each level reflects the threat's consistently assessed behaviors as collected by SpyHunter's risk assessment model.
Detection Count: The total number of confirmed and suspected cases of a particular malware threat, calculated from infected PCs recorded in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Like the detection count, but based on the number of confirmed and suspected infections per day. A high volume count usually indicates a currently popular threat, which may or may not have infected a large number of systems overall; a threat with a high detection count can lie dormant and have a low volume count. The Volume Count criteria are relative to the daily detection count.
Trend Path: The Trend Path uses an up arrow, a down arrow or an equals sign to represent a threat's recent movement. An up arrow represents an increase, a down arrow a decline, and the equals sign no change.
% Impact (Last 7 Days): The change over a 7-day period in how frequently a malware threat infects PCs. The percentage impact corresponds directly to the current Trend Path, indicating a rise or decline.
| Metric | Value |
|---|---|
| Threat Level | 2/10 |
| Infected PCs | 5 |
| First Seen | September 4, 2022 |
| Last Seen | December 27, 2022 |
| OS(es) Affected | Windows |
The Cardsome Ransomware is a Trojan that displays pop-up messages claiming that it is encrypting and blocking the files on your PC. Although the Cardsome Ransomware does include an encryption feature for locking content, that function is not yet finished and may not damage your files at all. Victims should ignore its ransom demands and have their anti-malware software remove the Cardsome Ransomware by any means necessary.
The Trojan that Wants a Blank Check Ransom
Convention within the file-locking Trojan industry is to demand a fixed ransom amount, which gives the victim a false sense that the threat actors will honor their word or behave like a legitimate business. Even more flexible threats, such as the Russian Scarabey Ransomware, price their (potentially fake) decryptor in specific amounts on a specific schedule. The Cardsome Ransomware breaks with this model: it demands nothing less than the victim's full credit card credentials.
The Cardsome Ransomware is a Windows program with significant features built in but not yet finished, including an AES-128 routine for encrypting the user's media. If its author completes it, the Cardsome Ransomware may search for documents, pictures and other formats, encrypt them with that cipher, and protect the AES key with a second, RSA-based routine; in this common hybrid design the file key is wrapped with the attacker's public key, so only the holder of the matching private key can recover it. Files the Cardsome Ransomware has processed can be identified by the '.aes' extension, which it appends without removing the original one (so 'sunset.jpg' becomes 'sunset.jpg.aes'). Because the encryption routine is unfinished, the appended extension alone does not prove that a file's contents were actually overwritten.
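As an added example (not code from the original article, and not code belonging to the Cardsome Ransomware), the following Python script triages a directory for files carrying the appended '.aes' marker described above. Since the article notes that the encryption routine is unfinished, the script does not take the marker at face value: it checks whether a marked file still begins with the magic bytes of the format named by its inner extension (in which case it was only renamed and can be recovered by stripping the marker), and otherwise measures the entropy of the file head to judge whether the content looks like cipher output. The magic-number table, the 4 KiB sample size, the 7.2 bits/byte threshold and the sample files are all assumptions made for this example.

```python
"""Triage files tagged with an appended '.aes' marker (added example).

Assumes the renaming behaviour described in the article:
'sunset.jpg' -> 'sunset.jpg.aes', original extension kept.
"""
import math
import os
import random
import shutil
import tempfile
from collections import Counter

RANSOM_EXT = ".aes"          # marker extension from the article
SAMPLE_BYTES = 4096          # assumption: how much of each file head to read
MIN_ENTROPY_SAMPLE = 1024    # below this, an entropy verdict is unreliable
ENTROPY_THRESHOLD = 7.2      # bits/byte; 1 KiB of random data scores ~7.8

# Assumption: a few common formats standing in for the "documents, pictures
# and other formats" the article says the Trojan targets.
MAGIC = {
    ".jpg":  (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png":  (b"\x89PNG\r\n\x1a\n",),
    ".gif":  (b"GIF87a", b"GIF89a"),
    ".pdf":  (b"%PDF-",),
    ".zip":  (b"PK\x03\x04",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; uniformly random data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def split_marked_name(name: str):
    """'sunset.jpg.aes' -> ('sunset.jpg', '.jpg'); None if not marked."""
    if not name.lower().endswith(RANSOM_EXT) or len(name) == len(RANSOM_EXT):
        return None
    original = name[: -len(RANSOM_EXT)]
    return original, os.path.splitext(original)[1].lower()


def classify(name: str, head: bytes) -> str:
    """Classify one file from its name and the first SAMPLE_BYTES of content.

    'not-marked'   : no '.aes' suffix, nothing to do
    'renamed-only' : magic bytes of the inner extension are intact, so the
                     content was never encrypted; renaming recovers the file
    'encrypted'    : high-entropy head consistent with cipher output
                     (heuristic: compressed formats also score high)
    'unknown'      : marked, but neither test is conclusive (e.g. plain text
                     with no magic number, or too little data to judge)
    """
    parts = split_marked_name(name)
    if parts is None:
        return "not-marked"
    _original, inner_ext = parts
    if any(head.startswith(sig) for sig in MAGIC.get(inner_ext, ())):
        return "renamed-only"
    if len(head) >= MIN_ENTROPY_SAMPLE and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "encrypted"
    return "unknown"


def scan_tree(root: str) -> dict:
    """Walk `root` and return {path: classification} for every marked file."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(RANSOM_EXT):
                continue
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_BYTES)
            results[path] = classify(fname, head)
    return results


def constructed_samples() -> dict:
    """Constructed test data (not real victim files) covering each verdict."""
    rng = random.Random(2017)   # deterministic stand-in for AES output
    ciphertext_like = bytes(rng.getrandbits(8) for _ in range(SAMPLE_BYTES))
    return {
        "sunset.jpg.aes": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 3000,
        "report.docx.aes": ciphertext_like,
        "notes.txt.aes": b"meeting notes: budget, hiring, roadmap\n" * 60,
        "untouched.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 100,
    }


def demo() -> dict:
    """Write the constructed samples to a temp dir, scan it, return verdicts."""
    root = tempfile.mkdtemp()
    try:
        for name, data in constructed_samples().items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): v for p, v in scan_tree(root).items()}
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for fname, verdict in demo().items():
        print(f"{verdict:13s} {fname}")
```

Files reported as 'renamed-only' can be restored by removing the marker; 'encrypted' is a heuristic verdict that still needs the key, and 'unknown' files (plain text, very small files) need manual review. Run the scan against a copy of the affected volume, not the original.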
The Cardsome Ransomware does generate a Windows pop-up that may cover the entire screen or block essential parts of the user interface, such as the taskbar. Although the window includes a traditional ransom warning and a timer, its unusual feature is how it asks for payment: it prompts for the victim's credit card details, including major brands such as Visa and MasterCard. This payment method, which our malware analysts note is highly unorthodox, could hand the threat actor a 'blank check' to make charges indefinitely or to sell the data on to third parties.
Getting the Cybercrooks out of the Carding Game
File-locking Trojans usually rely on cryptocurrencies or vouchers to profit from their attacks. The Cardsome Ransomware campaign instead operates as a niche of the carding sub-sector of the black market, with few limits on how the payment data may be abused afterward. As a general rule, victims of such attacks should cancel any credit card whose details were exposed, whether the leak came from non-consensual collection (such as an infection by the Trojan.TrickBot banking Trojan) or from consent under duress, as in the Cardsome Ransomware's attack.
Whether any finished version of the Cardsome Ransomware's encryption could be broken by third parties is unknown. Malware experts recommend consulting an experienced cybersecurity researcher who specializes in file-locking threats to assess the chances of decrypting files without paying. Otherwise, restoring from a backup after removing the Cardsome Ransomware with an appropriate anti-malware solution may be the only recovery option available.
Threat actors have every reason to lie about how safely your files can be unlocked by the methods they recommend. Never delegate the recovery of your work to an illicit business, least of all when the price they ask is left blank.