DevNightmare Ransomware
Posted: September 18, 2016
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 76 |
| First Seen: | September 18, 2016 |
| OS(es) Affected: | Windows |
The DevNightmare Ransomware is a Trojan that uses the base code of Hidden Tear to encrypt your files and hold them for ransom. PC users should use traditional, robust methods of protecting their data and seek help from the PC security sector for decrypting their files. Limiting the amount of potentially irretrievable data requires removing the DevNightmare Ransomware promptly, which malware experts advise doing with a professional anti-malware product.
Showing Off the New Offspring of No-Longer-Hidden Code
Hidden Tear demonstrates both how harmful file-encrypting programs work and how readily threat authors take advantage of whatever free resources they can find for their campaigns. Originally developed for purely educational purposes, Hidden Tear has long since been exploited to create various Trojans, including the Domino Ransomware, the Black Feather Ransomware and the new DevNightmare Ransomware.
After being launched, the DevNightmare Ransomware scans for files whose formats match its list of data to encrypt. Typical examples of such data types include text documents, audio, image files, spreadsheets, compressed archives and slide shows. In addition to encrypting them with an algorithm that malware analysts estimate to be AES-based, the DevNightmare Ransomware also adds its own extension to each one: the '.2xx9' tag.
After a successful installation, the DevNightmare Ransomware silently uses SMTP to notify its administrator about the infection and transfer the encryption key; the destination address, DevNightmare2xx9@gmail.com, is what gives the threat its name. The Trojan also provides a ransom message requesting payment for the decryption of your data, via a standard 'READ_ME.txt' file. Unusually, the threat actor doesn't specify a concrete sum of money, only requesting 'some money or bitcoins.'
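For scoping an infection from the two file-system indicators described above (the '.2xx9' extension and the 'READ_ME.txt' note), here is an added triage example that is not code from the original page. The function names, the sample directory tree and its file names are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".2xx9"      # extension the page says the Trojan adds
RANSOM_NOTE = "read_me.txt"  # 'READ_ME.txt', lower-cased for matching


def triage(root):
    """Summarise '.2xx9' files and ransom notes under root, per directory."""
    per_dir = defaultdict(lambda: {"encrypted": 0, "note": False})
    earliest = None  # oldest mtime among encrypted files
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE:
                per_dir[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                per_dir[dirpath]["encrypted"] += 1
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # unreadable file: counted, no timestamp
                if earliest is None or mtime < earliest:
                    earliest = mtime
    total = sum(d["encrypted"] for d in per_dir.values())
    return {"dirs": dict(per_dir), "total_encrypted": total, "earliest_mtime": earliest}


def build_sample_tree():
    """Constructed sample tree (hypothetical file names) for an offline run."""
    root = tempfile.mkdtemp(prefix="triage_demo_")
    docs = os.path.join(root, "Documents")
    pics = os.path.join(root, "Pictures")
    os.makedirs(docs)
    os.makedirs(pics)
    for path in (os.path.join(docs, "report.docx.2xx9"),
                 os.path.join(docs, "budget.xlsx.2xx9"),
                 os.path.join(docs, "READ_ME.txt"),
                 os.path.join(pics, "holiday.jpg")):
        open(path, "w").close()
    return root


if __name__ == "__main__":
    result = triage(build_sample_tree())
    for directory, info in sorted(result["dirs"].items()):
        print(directory, info)
    print("encrypted files:", result["total_encrypted"])
```

A 'READ_ME.txt' file on its own is a weak signal; the per-directory count of '.2xx9' files is the stronger one, and the oldest modification time among them gives a rough indication of when encryption began.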
Waking Up from the Nightmare of Damaged Files
Reusing well-known code lets con artists create rapid-fire variants of old Trojans with almost no effort, but also helps the PC security sector develop ways to neuter these threats. If you need to decrypt any digital content, contact an appropriate member of the PC security community before paying a ransom; you can counteract many data encrypting Trojans with free applications. Malware analysts also encourage making thorough and regular use of backups in particular, which makes decrypting your damaged files entirely unnecessary.
Malware experts are attempting to identify the infection vectors for the DevNightmare Ransomware's campaign. Most attacks using threats of this category may arrive through e-mail attachments disguised as business or delivery-related documents. For most PC users, scanning these files with an anti-malware product will detect the installer and remove it before deleting the DevNightmare Ransomware or decrypting your content becomes necessary.
The continual productivity of threat authors calls for matching due diligence from PC owners at large. The DevNightmare Ransomware may be a new Trojan, but old security features and tactics should still be just as potent against it as against the Trojans of yesteryear.