
DarkKomet Ransomware

Posted: June 28, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 14,896
First Seen: June 28, 2017
Last Seen: September 1, 2020
OS(es) Affected: Windows

The DarkKomet Ransomware is a Trojan that grants third parties remote access to your computer, as well as locks your files with encryption to hold them for ransom. Because this Trojan's backdoor features can enable other attacks besides those included in its payload, you may see other symptoms, in addition to changes to your files and desktop. Victims should disconnect from the Internet while removing the DarkKomet Ransomware with anti-malware tools, and then recover any locked content from a backup.

Trojans with Backup Plans for Attacking Your Computer

Although most Trojans specialize, like ants, in highly specific tasks within their ecosystem, threat actors sometimes prefer to bundle very different features into a single threat. File-encrypting Trojans like the DarkKomet Ransomware may seem all too common, but the second half of this program's payload is noted less often: a backdoor feature. This newly discovered Trojan includes features that give con artists network-based access to your PC, in addition to encrypting its files.

Malware analysts estimate that the DarkKomet Ransomware is cobbled together from the preexisting code of two different sources: Hidden Tear, which provides the data encryption, and DarkComet, which provides the RAT (Remote Administration Tool). The DarkKomet Ransomware's Hidden Tear-based features encrypt your documents and other media with the AES cipher, append the '.locked' extension to their names, and deliver ransom-themed messages through text files and by hijacking your desktop's wallpaper.
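The file-level artifacts described above (renamed '.locked' files that now hold AES ciphertext, plus a dropped ransom note in a text file) are what a responder can look for on a suspect host. The following triage script is an added example, not code from the write-up or from either Hidden Tear or DarkComet: it walks a directory tree, collects files carrying the '.locked' extension, measures their byte entropy (AES output is close to 8 bits per byte, whereas ordinary documents are not), and looks for text files that read like a ransom note. The note keywords, the entropy threshold of 7.0 and the sample files it builds are assumptions constructed for the demonstration; the page quotes neither the note text nor any file names.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Indicator taken from the write-up: the Hidden Tear half appends this extension.
LOCKED_EXT = ".locked"
# Assumed wording for ransom notes; the page does not quote the actual note text.
NOTE_MARKERS = ("encrypted", "decrypt", "ransom")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext of any realistic size sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage_directory(root, entropy_threshold=7.0):
    """Walk `root` and collect the file-level artifacts the write-up describes."""
    locked, notes = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        suffix = path.suffix.lower()
        if suffix == LOCKED_EXT:
            # Record the renamed file together with how random its contents look.
            locked.append((str(path), round(shannon_entropy(path.read_bytes()), 2)))
        elif suffix == ".txt":
            text = path.read_text(errors="ignore").lower()
            # Require two markers so a stray word in a benign file does not trigger.
            if sum(marker in text for marker in NOTE_MARKERS) >= 2:
                notes.append(str(path))
    high_entropy = [p for p, e in locked if e >= entropy_threshold]
    return {
        "locked_files": locked,
        "high_entropy_locked": high_entropy,
        "ransom_notes": notes,
        # Both halves of the pattern present: isolate the host and escalate.
        "suspicious": bool(high_entropy) and bool(notes),
    }


def build_sample_tree(root):
    """Constructed sample data, not a real infection: one 'encrypted' file,
    one ransom note, one benign text file."""
    rng = random.Random(1337)
    # Seeded pseudo-random bytes stand in for AES ciphertext (assumption).
    blob = bytes(rng.getrandbits(8) for _ in range(4096))
    Path(root, "report.docx.locked").write_bytes(blob)
    Path(root, "READ_ME.txt").write_text(
        "Your files have been encrypted. Pay to decrypt them.\n"
    )
    Path(root, "notes.txt").write_text("grocery list: milk, eggs\n")


def demo():
    """Build the constructed tree in a temporary directory and return the verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return triage_directory(tmp)


if __name__ == "__main__":
    print(demo())
```

Run it directly and the constructed tree yields one high-entropy '.locked' file, one ransom note and a `suspicious` verdict of True; pointing `triage_directory` at a real user profile gives a quick first read on whether the Hidden Tear half of the payload has run, which is the cue to cut the host's network access before the backdoor half can be used.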

On the other hand, the DarkKomet Ransomware's backdoor functionality in principle gives a remote attacker control over the infected PC, which could lead to a variety of manual attacks. The attacker could install other Trojans, delete files (such as backups that the DarkKomet Ransomware's Hidden Tear half has missed), change system settings, or collect your files directly. The DarkComet RAT from which the DarkKomet Ransomware borrows code also includes spying features, such as keylogging, which records the user's typed input.

Swatting the DarkKomet Ransomware out of the Sky

By distracting its victims with the high-visibility attack against their files, the DarkKomet Ransomware could lead them to believe that restoring their data or paying the ransom it demands will resolve the security issue. Meanwhile, remote attackers could enjoy the fruits of backdoor access to the PC, such as perusing files or disabling essential security features like firewalls. Although malware experts have yet to confirm many attacks using this threat, the DarkKomet Ransomware's payload is particularly well suited to compromising multi-system corporate networks.

PC users without backups from which to recover locked content should make copies of their encrypted media and test them against the current Hidden Tear decryptors that the security industry provides for free. Any infected PC should have all network access disabled immediately to minimize the impact of this Trojan's backdoor component. Anti-malware products predominantly identify and remove the DarkKomet Ransomware as a variant of the DarkComet RAT.

Relying on what you can see when a Trojan attacks your computer has its limits, and may even lead you to take actions that harm your future security. Never take for granted that a piece of threatening software limits its payload to what is visible, as multi-purpose threats like the DarkKomet Ransomware demonstrate so well.
