Eternity Ransomware
Posted: December 4, 2017
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 64 |
| First Seen: | May 5, 2022 |
| Last Seen: | May 5, 2022 |
| OS(es) Affected: | Windows |
The Eternity Ransomware is a variant of FTSCoder, AKA Stupid Ransomware. Trojans of this family use their ability to block your files as a way of holding them hostage until you agree to their payment demands, which they deliver via pop-up alerts. Contrary to its warnings, victims may unlock their files by methods not requiring any ransom, although malware experts also suggest having anti-malware protection for deleting the Eternity Ransomware as quickly and safely as possible.
The Eternity that Might End Faster than Expected
With its source code available on social networks even more readily than that of Hidden Tear, FTSCoder may soon overtake that file-locking Trojan's family in sheer number of members. In the best case for victims, threat actors sometimes abandon a Trojan project before its payload is fully functional, as the oversights in the Eternity Ransomware suggest. However, very few changes would be needed to turn this threat into one that genuinely imperils the media on an infected PC through the standard procedure of encryption-locking and cryptocurrency ransoming.
The available samples of the Eternity Ransomware crash upon startup due to a dependency on a missing file that seems to be 'background music' for the victim. The rest of its payload, when working, is similar to those of other FTSCoder (or 'Stupid') variants that malware experts note for 2017, such as IGotYou Ransomware, the Mr403Forbidden Ransomware, the NIBIRU Ransomware, the Cyron Ransomware, and the Windows update-imitating BlackSheep Ransomware. The Trojan scans your PC for files that it's instructed to encrypt, such as Word documents, ZIP archives, or JPG pictures, and locks them with a basic cipher. The encryption key isn't protected and consists of the string 'sameeraperera,' which the Trojan also uses as salt.
The Eternity Ransomware also creates an animated pop-up that delivers an English-based ransom note. The threat actor provides a Bitcoin wallet address and an option for e-mail technical support, along with building the decryptor module's interface into the window. The Eternity Ransomware asks for one thousand USD in ransom money, which malware experts recommend not paying, due to the relatively straightforward means of cracking the FTSCoder family's cryptography.
Addressing an Eternal Trojan from Outside Its Scope
Backups are still the simplest way of protecting any PC's media from being encrypted and held hostage by any file-locker Trojan. However, some less advanced families, including Hidden Tear, EDA2, and FTSCoder, also may have their encryption methods broken by third-party security researchers. The FTSCoder decryption utilities are available for free and can assist anyone with restoring anything that the Eternity Ransomware tries to lock. Search for files with the '.eTeRnItY' extension to determine which files the Trojan is encrypting.
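The extension search described above can be scripted as a triage inventory; this is an added example, not code from the original article or from any decryption tool. It assumes the marker is appended to the original file name (for example `report.docx.eTeRnItY`), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".eternity"  # the page's '.eTeRnItY' extension, lower-cased for matching

def inventory(root):
    """Return one record per file under root whose name ends with the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = os.path.join(dirpath, name)
            original = name[:-len(MARKER)]  # assumption: marker was appended
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or removed mid-scan
            hits.append({
                "path": path,
                "original_ext": os.path.splitext(original)[1].lower(),
                "size": st.st_size,
                "mtime": st.st_mtime,
                # True when an unrenamed copy still sits next to the locked file
                "original_beside": bool(original)
                and os.path.isfile(os.path.join(dirpath, original)),
            })
    return hits

def summarize(hits):
    """Totals for an incident note: counts, bytes, earliest change time."""
    first = min((h["mtime"] for h in hits), default=None)
    return {
        "count": len(hits),
        "bytes": sum(h["size"] for h in hits),
        "by_ext": dict(Counter(h["original_ext"] for h in hits)),
        "originals_beside": sum(h["original_beside"] for h in hits),
        "earliest_utc": None if first is None
        else datetime.fromtimestamp(first, timezone.utc).isoformat(),
    }

def demo():
    """Build a constructed sample tree in a temp dir and summarize it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Docs"))
        for rel in ("Docs/report.docx.eTeRnItY", "Docs/photo.JPG.ETERNITY",
                    "Docs/photo.JPG", "notes.txt"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample")
        return summarize(inventory(root))
```

Run `summarize(inventory(path))` against a user profile or share to size the restore job; the earliest modification time gives a starting point for the incident timeline.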
Users also can close the Eternity Ransomware's extortion pop-up by entering the code '1234567890,' which is not dynamic in this build of the Trojan. Besides its missing music file, no significant glitches with the Eternity Ransomware should prevent it from working and damaging any files of appropriate formats on a compromised system. Rates of detection among major AV brands that should delete the Eternity Ransomware safely have been rising steeply since the emergence of the first samples, with roughly one out of every two products succeeding.
The Eternity Ransomware's payload doesn't have the technical know-how or new features to make its name anywhere near appropriate, but FTSCoder is a family that will continue making money from harming files. Users have no choice but to secure the contents of their drives appropriately, whether that means scheduling automatic backups or copying files over to separate devices manually.