
Comrade HT Ransomware

Posted: October 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 84
First Seen: October 24, 2017
OS(es) Affected: Windows

The Comrade HT Ransomware is a variant of Hidden Tear, a Trojan that searches your directories for files of specific formats, such as documents, and locks them by encrypting them. The Comrade HT Ransomware's authors use these attacks to collect ransoms through the messages they drop on compromised PCs, although malware experts recommend against paying. While most anti-malware programs include databases capable of identifying and removing the Comrade HT Ransomware and other HT clones, only backups can reliably preserve any media that comes under attack.

A Duplicitous Comrade in Crime

Trojans with the ability to damage files permanently by encrypting them are, in and of themselves, threatening enough to the average user. However, unpredictable management and ill-minded behavior can raise the stakes of such attacks further, as with the Comrade HT Ransomware. This Trojan is an otherwise conventional duplication of Hidden Tear, with minor updates making it more suitable for extorting money, but also a penchant for throwing away the key needed to recover your files.

The Comrade HT Ransomware enciphers media formats, including documents, audio, archives, spreadsheets, and similar content, with an AES or Rijndael cipher. While no pop-ups or other notifications appear during this attack, any files that the Comrade HT Ransomware locks will display a new '.comrade' extension in their names, replacing any preexisting extension. They can only open again after the user decrypts them, which requires both a decryption program and the custom key for the algorithm.
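A triage script for responders, added here as an example and not part of the original page: it walks a directory tree, reports every file carrying the '.comrade' extension described above, and measures the byte entropy of each file's header so that genuinely encrypted content (near 8 bits per byte) can be separated from a renamed but unencrypted file. The 7.0-bit threshold, the 4096-byte sample size and the constructed sample files are assumptions for the demonstration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

COMRADE_EXT = ".comrade"   # extension the page reports on locked files


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; AES output lands close to 8.0, plain text far below."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_tree(root, entropy_threshold=7.0, sample_bytes=4096):
    """Return one finding per '.comrade' file under root.

    Because the Trojan replaces the original extension, the file type is gone
    from the name; the entropy of the header is the remaining evidence that the
    contents were actually encrypted rather than merely renamed.
    """
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix == COMRADE_EXT:
            with path.open("rb") as fh:
                head = fh.read(sample_bytes)
            ent = shannon_entropy(head)
            findings.append({
                "path": str(path),
                "entropy": round(ent, 2),
                "high_entropy": ent >= entropy_threshold,   # likely real ciphertext
            })
    return findings


def build_sample_tree():
    """Constructed sample tree (assumption): an untouched text file, a file whose
    contents look encrypted, and a '.comrade' file that was only renamed."""
    root = Path(tempfile.mkdtemp(prefix="comrade_triage_"))
    (root / "notes.txt").write_text("quarterly report draft\n" * 20)
    (root / "docs").mkdir()
    (root / "docs" / "report.comrade").write_bytes(os.urandom(8192))  # stands in for ciphertext
    (root / "docs" / "readme.comrade").write_bytes(b"A" * 2048)       # renamed, not encrypted
    return root


if __name__ == "__main__":
    for finding in triage_tree(build_sample_tree()):
        print(finding)
```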

The text messages that the Comrade HT Ransomware places on the user's desktop contain such traditional ransoming details as asking for the Bitcoin cryptocurrency and giving a time limit for paying to get the decryption service. However, malware experts have verified that current samples of the Comrade HT Ransomware send all decryption keys to a placeholder 'scam.php' address instead of a regular C&C domain. This minor detail implies that the threat actors aren't saving the keys required for restoring your files while still soliciting payments that they will not need to refund.

Choosing Your Computer's Comrades Wisely

Malware experts are associating the Comrade HT Ransomware installers with executables using fake Microsoft software credentials for Windows desktop apps. Users downloading new software matching this description should be diligent about verifying their download sources and avoiding trusting freeware from phishing websites or potentially forged e-mail messages. Some threat actors also try to distribute file-locking Trojans through torrents and fake links to pirated media, such as cracked games.

Contacting security researchers with expertise in encryption-specialized threats like the Comrade HT Ransomware may help some victims gain access to compatible decryption applications and is recommended by malware experts instead of paying any ransoms. Since the Comrade HT Ransomware can't damage any files on detached or password-protected drives, cloud or USB-based backups also can offer recovery options that are more certain of succeeding than a Bitcoin payment. Ideally, an updated anti-malware product can eliminate the Comrade HT Ransomware before it begins damaging any media but also may uninstall it afterward.

There's always an element of uncertainty in trusting a harmful business operation to abide by the terms of any under-duress agreement. Whether the Comrade HT Ransomware is a tactic or just highly reminiscent of one, it's taking money for problems that it causes, thanks to poor security practices by its victims.
