ExecutionerPlus Ransomware
Posted: December 7, 2017
Threat Metric
| Threat Level | 8/10 |
|---|---|
| Infected PCs | 28 |
| First Seen | June 13, 2022 |
| OS(es) Affected | Windows |
The ExecutionerPlus Ransomware is a Trojan that tries to block the media on your PC so that it can extort money for its unlocking software, and it also may run a cryptocurrency miner. The symptoms of a Trojan with mining features can include low memory, hardware overheating and performance problems, and those of the ExecutionerPlus Ransomware's file-locking attacks include changes to the names of the files that no longer open. Have your anti-malware products eliminate the ExecutionerPlus Ransomware as soon as possible and use other, free data restoration solutions whenever they're available.
The Invisible Attack Beneath a Ransom Note's Words
Cryptocurrency-mining functions are one easy way for cybercrooks to generate income from Trojan infections passively, without any need to persuade users into acting in a particular fashion. Although many mining Trojans use payloads dedicated to that kind of attack only, malware analysts sometimes find Trojans that pull 'double duty' with two or more distinct sets of features. Rarely are they integrated as well as in the ExecutionerPlus Ransomware, a variant of last year's CryptoJoker Ransomware.
The ExecutionerPlus Ransomware is an in-progress threat campaigning against Turkish- and English-speaking PC users, with the ability to encrypt and block their files, after which the Trojan creates a ransom message. The encryption method, like that of the CryptoJoker Ransomware and the similar Executioner Ransomware, employs a straightforward, AES-based enciphering attack that also adds a new extension to the names of the hostage media. The ExecutionerPlus Ransomware may use either '.pluss.executioner' or '.destroy.executioner' for this signature.
What makes the ExecutionerPlus Ransomware unusual is its Web page-based ransom message, which currently includes only placeholder information standing in for instructions on paying to decrypt your files. Malware analysts verify that this file contains references to the domain of Coin Hive, a JavaScript-based mining service for the Monero cryptocurrency. That new feature could let the ExecutionerPlus Ransomware generate money for the threat actor's wallet account by hijacking the infected system's resources.
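A triage sweep built from the indicators described above (the two appended extensions and a Web-page ransom note that references Coin Hive), as an added example that is not part of the original article or any vendor tool. The `coinhive` substring match, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# File-name suffixes the article attributes to ExecutionerPlus.
LOCKED_SUFFIXES = (".pluss.executioner", ".destroy.executioner")
# Assumption: a Coin Hive reference in the note contains the literal "coinhive".
MINER_MARKER = b"coinhive"
HTML_SUFFIXES = (".html", ".htm")
MAX_READ = 1024 * 1024  # inspect at most 1 MiB of each page

def triage(root):
    """Walk root and return (locked_files, miner_pages) as sorted path lists."""
    locked, miner_pages = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(LOCKED_SUFFIXES):
                locked.append(path)  # renamed by the file-locking routine
            elif lower.endswith(HTML_SUFFIXES):
                try:
                    with open(path, "rb") as fh:
                        if MINER_MARKER in fh.read(MAX_READ).lower():
                            miner_pages.append(path)
                except OSError:
                    continue  # unreadable file: skip it, keep sweeping
    return sorted(locked), sorted(miner_pages)

def build_sample_tree(root):
    """Constructed sample data: harmless files that only imitate the indicators."""
    samples = {
        "docs/report.docx.pluss.executioner": b"constructed placeholder",
        "pics/photo.jpg.destroy.executioner": b"constructed placeholder",
        "docs/notes.txt": b"untouched file",
        "note.html": b"<script src='https://CoinHive.example/lib.js'></script>",
        "help.html": b"<html><p>ordinary page</p></html>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, pages = triage(tmp)
        print(len(locked), "locked files;", len(pages), "pages referencing Coin Hive")
```

A non-empty first list shows which files need restoring or decrypting; a non-empty second list points to the page that should not be opened in a JavaScript-enabled browser.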
Calling Off an Execution of Your Files and Hardware Alike
Coin Hive is an example of an ordinarily legitimate business service that threat actors frequently abuse for financial purposes. Some anti-malware brands with Web-browsing protection are treating this domain as unsafe by default, and blocking JavaScript in general should also prevent the ExecutionerPlus Ransomware's miner from loading automatically. Malware experts are classifying the ExecutionerPlus Ransomware as decryptable by third parties, which removes any incentive for paying a ransom.
Even though the Coin Hive business model encourages throttling features for sustainability and user-friendliness, threat actors are under no legal obligation to abide by these recommendations. Extended exposure to a cryptocurrency-mining Trojan may cause your PC's hardware to fail. Scheduling anti-malware scans of your PC can help remove the ExecutionerPlus Ransomware and similar threats that operate partially or wholly via background tasks that aren't necessarily visible.
The ExecutionerPlus Ransomware is a highly specific update to the CryptoJoker Ransomware's set of features and is the first case malware researchers have seen of a Trojan embedding these attacks directly into a ransom note. As threat actors continue innovating, it's advisable to remember that any type of file, even a Web page or text document, is vulnerable to abuse that subverts the safety of the computer.