
CryptoSpider Ransomware

Posted: June 16, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 7
First Seen: June 16, 2017
OS(es) Affected: Windows


The CryptoSpider Ransomware is a modified Trojan from the Hidden Tear family, which demonstrates the potency of file-encrypting attacks and their accompanying ransom tactics. Infected PCs may show symptoms such as being unable to open files, hijacked background images or pop-ups asking for money. Free decryption programs and backups can help you recover anything that the CryptoSpider Ransomware damages, and various anti-malware products may remove the CryptoSpider Ransomware while protecting your computer.

The Itsy Bitsy Trojan Crept Up into Your PC

A threat actor is building a new edition of Hidden Tear to compete with the dozens of already existing ones on the Web. However, its author appears to be designing the campaign with more than a minimum of effort, including some graphic design elements and strong brand imagery to support the payload. This new CryptoSpider Ransomware is incomplete but would require little extra work before being viable for distribution.

The CryptoSpider Ransomware could compromise a PC through such methods as exploit kits running through your Web browser or e-mail attachments that install the Trojan via document-based security loopholes. Malware researchers recommend looking for symptoms encompassing all of the following attacks, many of which the CryptoSpider Ransomware shares with other Hidden Tear variants:

  • Your PC's background wallpaper may reset itself to a BMP graphic that the CryptoSpider Ransomware drops. The image displays a generic 'hacked' alert, along with the Trojan campaign's mascot, a 'Mr. Ghost C-47' cat.
  • The CryptoSpider Ransomware may deliver demands for ransom money to provide you with a decryption key for reversing its data-damaging attack (see below). It can convey its extortion instructions through Notepad files, HTML pop-up windows and similar text.
  • Before showing any of these symptoms, however, the CryptoSpider Ransomware also encrypts different files on your PC, typically focusing on graphical, audio and text-related media. Victims may tell which files are non-working by searching for the '.Cspider' extensions that malware researchers don't connect with any other Trojan campaigns.

Untangling a Web of Underground Money

Because the CryptoSpider Ransomware has no verifiable incidents of attacking possible victims, like for-profit business servers, its author is likely still polishing its payload, such as the ransom transaction mechanisms. Despite its incompleteness, malware researchers warn that the CryptoSpider Ransomware could be in deployment almost immediately, using file-damaging attacks that may not necessarily be fixable with generic Hidden Tear decryptors. Although local backups are always at high risk of being deleted by file-encrypting threats, remote ones should let you restore everything after you disinfect the PC.

User error often is at fault for the security compromises of any device, but particularly for campaigns with threats of this classification. Malware researchers suggest scanning all downloads, disabling non-essential browser scripts, and keeping document macros turned off, to help protect your PC. The Hidden Tear family isn't notably evasive or obfuscated, and most anti-malware programs should quarantine or uninstall the CryptoSpider Ransomware immediately.

The time that threat actors put into the visual design of their Trojans often correlates with how much use they intend to get out of them. Users should be ready to protect their documents and other media from new threats like the CryptoSpider Ransomware, which may crawl through the Web sooner rather than later.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: file.exe
Size: 762.88 KB (762880 bytes)
MD5: b18c5af696e8847241e4c17230db36c9
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 16, 2017
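
A triage sketch built on the indicators this page lists (the '.Cspider' extension and the MD5 and size of file.exe). It is an added example, not code from the original page; the function names and the size pre-filter are assumptions made for illustration.

```python
import hashlib
import os
import sys

# Indicators copied from this page.
ENCRYPTED_EXT = ".cspider"                         # matched case-insensitively
KNOWN_MD5 = {"b18c5af696e8847241e4c17230db36c9"}   # file.exe
KNOWN_SIZES = {762880}                             # file.exe size in bytes


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks. Used only as an indicator lookup."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5, known_sizes=KNOWN_SIZES):
    """Return (encrypted_files, matching_binaries, errors) found under root."""
    encrypted, binaries, errors = [], [], []
    wanted = {value.lower() for value in known_md5}
    for folder, _dirs, names in os.walk(root, onerror=lambda e: errors.append(str(e))):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                continue
            try:
                # Assumption: hash only files whose size matches a listed
                # sample, so a full-disk walk stays cheap.
                if os.path.getsize(path) in known_sizes and md5_of(path) in wanted:
                    binaries.append(path)
            except OSError as exc:  # locked or unreadable file
                errors.append(f"{path}: {exc}")
    return sorted(encrypted), sorted(binaries), errors


if __name__ == "__main__":
    enc, hits, errs = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(enc)} file(s) with the {ENCRYPTED_EXT} extension")
    for path in enc + hits:
        print("  ", path)
    print(f"{len(hits)} file(s) matching the listed MD5; {len(errs)} unreadable")
```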