Cyron Ransomware

Posted: August 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 46
First Seen: August 24, 2017
OS(es) Affected: Windows

The Cyron Ransomware is a variant of FTSCoder, a group of Trojans that use encryption and misleading pop-ups to attack your PC. Along with encoding your files, the Cyron Ransomware may also claim to be a legal penalty for your Web-browsing history, although the Trojan has no affiliation with any nation's law enforcement. Malware analysts recommend that users have anti-malware programs capable of removing the Cyron Ransomware upon its detection, and secure backups to undo any data loss it causes.

The Trojan Police are Coming with Spurious Accusations in Hand

Even though fake, police-themed alerts were a favorite tactic of old Trojan campaigns, most Trojans of the current year prefer to take data hostage without putting much, if any, effort into misrepresenting the cause of the attack. As a rarity, however, malware experts recently confirmed samples of a Trojan fusing the two strategies: the Cyron Ransomware. Its warning message uses the once-common threat of fictitious legal punishment to encourage payment, while it also blocks local files to add even more incentive.

The Cyron Ransomware derives most of its payload from the FTSCoder software, a Trojan family that is also the basis of threats like the WhyCry Ransomware and the BlackSheep Ransomware. In all cases, the Trojan's central feature is its encryption functionality, which encodes and locks content of formats ranging from GIF pictures and AVI videos to text documents like DOC. It also injects '.CYRON' extensions into the names of anything that it blocks.

The more uncommon feature of the Cyron Ransomware is the pop-up window it loads after finishing the above function to hold your media hostage. While other versions of FTSCoder also include pop-up displays, the Cyron Ransomware uses a customized image claiming that the system has a Web-browsing history associated with child pornography websites and that the file-locking attack is a legally authorized punitive measure that can be resolved by paying a ransom. Although the Cyron Ransomware doesn't use the logos of any law-enforcement institution, it does include India-localized references regarding ancillaries of the Supreme Court.

What to Do about Fraudulent Police without Warrants

The Cyron Ransomware's tactic includes elements of social engineering that malware researchers often see in similar campaigns. A live countdown, the fetching of generic system information like the local IP address, and clear lists of which files the Trojan is blocking all help encourage the victim to pay quickly, before realizing that the Cyron Ransomware isn't a legal program. Trojans using FTSCoder are frequently decryptable by free software, and malware experts recommend testing spare copies of any files with such utilities before risking any premium recovery options. Backups offer even more dependable protection from the Cyron Ransomware's encryption damage.
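For the advice above about testing spare copies, the following added example (not code from this article or from any decryption tool) inventories files carrying the '.CYRON' extension and copies a few of each type into a separate folder, leaving the originals untouched. It assumes the marker is appended after the original extension (for example `report.doc.CYRON`); the function names and folder layout are hypothetical.

```python
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".cyron"  # extension named on this page, compared case-insensitively

def find_locked(root):
    """Return files under root whose final extension is .CYRON (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() == LOCKED_SUFFIX:
                hits.append(Path(dirpath) / name)
    return sorted(hits)

def original_type(path):
    """Assumption: the marker is appended, so 'a.doc.CYRON' was a '.doc' file."""
    inner = Path(path.stem).suffix.lower()
    return inner or "(unknown)"

def summarize(hits):
    """Count locked files per inferred original type, to size the restore job."""
    return Counter(original_type(p) for p in hits)

def stage_spares(hits, dest, per_type=2):
    """Copy a few locked files of each type into dest; originals stay untouched."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    taken, staged = Counter(), []
    for p in hits:
        kind = original_type(p)
        if taken[kind] < per_type:
            taken[kind] += 1
            target = dest / f"{len(staged):04d}_{p.name}"  # index avoids name clashes
            shutil.copy2(p, target)
            staged.append(target)
    return staged

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        docs = Path(tmp) / "Users" / "docs"
        docs.mkdir(parents=True)
        for n in ["a.doc.CYRON", "b.doc.cyron", "clip.avi.CYRON", "ok.gif"]:
            (docs / n).write_bytes(b"constructed sample bytes")
        hits = find_locked(tmp)
        print(dict(summarize(hits)))
        print([s.name for s in stage_spares(hits, Path(tmp) / "spares")])
```

Run any recovery utility against the staged copies only, and keep the staging folder outside the scanned tree so a second scan does not count the copies.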

The Cyron Ransomware campaign seems to be focusing on Indian PC users, but FTSCoder is by no means limited to systems in that country. Threat actors may install the Cyron Ransomware through e-mail attachments that they disguise as news articles, invoices, or other data of interest to the victim. As of this article's writing, a majority of professional AV programs are detecting this threat and should experience no difficulties in deleting the Cyron Ransomware automatically without letting any encryption occur.

Ignorance of the law isn't just a problem for accidental law-breakers; it can also be an Achilles heel for law-abiding PC users who don't know that they haven't done anything wrong. Believing the wild and salacious claims of Trojans like the Cyron Ransomware is self-destructive to everything except the attacker's profits.