
Eternity Ransomware

Posted: December 4, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 64
First Seen: May 5, 2022
Last Seen: May 5, 2022
OS(es) Affected: Windows

The Eternity Ransomware is a variant of FTSCoder, AKA Stupid Ransomware. Trojans of this family lock your files and hold them hostage until you agree to their payment demands, which they deliver via pop-up alerts. Contrary to its warnings, victims may unlock their files by methods that don't require any ransom, although malware experts also suggest having anti-malware protection for deleting the Eternity Ransomware as quickly and safely as possible.

The Eternity that Might End Faster than Expected

With its source code available on social networks even more readily than that of Hidden Tear, FTSCoder may soon overtake that file-locking Trojan's family for sheer quantity of members. In the best-case scenarios for victims, threat actors sometimes abandon a Trojan project before its payload is perfectly functional, as with the oversights in the Eternity Ransomware. However, barely any changes would be needed to update this threat into one that genuinely imperils the media on an infected PC with the standard procedure of encryption-locking and cryptocurrency ransoming.

The available samples of the Eternity Ransomware crash upon startup due to a dependency on a missing file that seems to be 'background music' for the victim. The rest of its payload, when working, is similar to those of other FTSCoder (or 'Stupid') variants that malware experts noted in 2017, such as the IGotYou Ransomware, the Mr403Forbidden Ransomware, the NIBIRU Ransomware, the Cyron Ransomware, and the Windows update-imitating BlackSheep Ransomware. The Trojan scans your PC for files that it's instructed to encrypt, such as Word documents, ZIP archives, or JPG pictures, and locks them with a basic cipher. The encryption key isn't protected and consists of the string 'sameeraperera,' which the Trojan also uses as salt.

The Eternity Ransomware also creates an animated pop-up that delivers an English-language ransom note. The threat actor provides a Bitcoin wallet address and an option for e-mail technical support, and builds the decryptor module's interface into the same window. The Eternity Ransomware asks for one thousand USD in ransom money, which malware experts recommend not paying, due to the relatively straightforward means of cracking the FTSCoder family's cryptography.

Addressing an Eternal Trojan from Outside Its Scope

Backups are still the simplest way of protecting any PC's media from being encrypted and held hostage by any file-locker Trojan. However, some less advanced families, including Hidden Tear, EDA2, and FTSCoder, also may have their encryption methods broken by third-party security researchers. The FTSCoder decryption utilities are available for free and can assist anyone with restoring anything that the Eternity Ransomware tries to lock. Search for files with the '.eTeRnItY' extension to determine which ones the Trojan is encrypting.
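As an added example (not part of the original article or of any vendor tool), the following Python script inventories files carrying the '.eTeRnItY' extension under a directory, so the scope of the damage is known before running a decryptor or restoring from backup. It assumes the Trojan appends the extension to the original file name and matches it case-insensitively; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".eternity"  # '.eTeRnItY' from the article, lowercased for comparison

def inventory(root):
    """Summarise files under root whose final extension is the marker."""
    hits, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != MARKER:  # assumption: case-insensitive match
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is unreadable; keep walking
            # Assumption: the marker is appended, so the stem keeps the old type.
            by_type[os.path.splitext(stem)[1].lower() or "(none)"] += 1
            hits.append((path, st.st_size, st.st_mtime))
    mtimes = [m for _, _, m in hits]
    return {
        "count": len(hits),
        "bytes": sum(size for _, size, _ in hits),
        "by_type": dict(by_type),
        # Modification times only approximate when the locking ran.
        "first_mtime": min(mtimes) if mtimes else None,
        "last_mtime": max(mtimes) if mtimes else None,
        "paths": sorted(path for path, _, _ in hits),
    }

def build_sample_tree(root):
    """Constructed sample data: 16-byte placeholder files, not real samples."""
    for rel in ("Docs/report.docx.eTeRnItY", "Docs/notes.txt",
                "Pics/cat.jpg.ETERNITY", "Pics/old.zip.eTeRnItY",
                "Pics/eternity.png"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"\x00" * 16)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report = inventory(tmp)
        ts = datetime.fromtimestamp(report["last_mtime"], timezone.utc)
        print(report["count"], report["bytes"], report["by_type"], ts.isoformat())
```

Point `inventory()` at a user profile or a mounted disk image; the returned paths are the list to check against backups or to hand to a decryption utility.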

Users also can close the Eternity Ransomware's extortion pop-up by entering the code '1234567890,' which is static in this build of the Trojan. Besides its missing music file, no significant glitches with the Eternity Ransomware should prevent it from working and damaging any files of appropriate formats on a compromised system. Detection rates among major AV brands that should delete the Eternity Ransomware safely have risen steeply since the emergence of the first samples, with roughly one out of every two products succeeding.

The Eternity Ransomware's payload shows neither the technical know-how nor the new features to make its name anywhere near appropriate, but FTSCoder is a family that will continue making money from harming files. Users have no choice but to secure the contents of their drives appropriately, whether that means scheduling automatic backups or copying files over to separate devices manually.
