
Executioner Ransomware

Posted: June 7, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 49
First Seen: June 7, 2017
Last Seen: March 23, 2023
OS(es) Affected: Windows

The Executioner Ransomware is a Trojan that uses encryption derived from the Hidden Tear project to block your files from opening. This kind of file damage can sometimes be reversed with third-party decryption software, although malware experts also recommend keeping backups to cover any difficulties in data restoration. Any anti-malware program that has previously dealt with Hidden Tear should have no issues removing the Executioner Ransomware, which is a typical threat of that family.

Trojans Executing Plans for High-Tech Hostage Grabs

Hidden Tear is far from the only Trojan family to be widely reused and recycled in 2017, but it retains a clearly leading position, either because of how easy it is to work with or because its code can be obtained for little or no cost. Threat actors are using the HT family to attack systems throughout the world, including, as the Executioner Ransomware shows, PCs in the Middle East. The Executioner Ransomware uses a slightly more sophisticated ransoming method than a similar threat, the DolphinTear Ransomware, although the more threatening features of the two are all but indistinguishable.

After installation, the Executioner Ransomware scans the system, potentially including network-accessible folders, for documents, pictures and other media. Files of the targeted formats in the locations it scans are encrypted with an AES (Rijndael)-based cipher to keep them from opening. The Trojan also adds an extension to their filenames, although, unlike most Hidden Tear versions, malware experts find that the Executioner Ransomware's extension consists of random characters.

The Trojan collects profits from its attacks by directing victims to its TOR-protected website to pay a ransom for decrypting their media. In contrast to most low-effort Hidden Tear variants, the Executioner Ransomware delivers its ransom demands through both an image (most likely set as the locked desktop wallpaper) and a crafted HTML page, instead of plain text.

Preventing Wild Programs from Playing Judge, Jury and Executioner

PC owners can counter even the most successful Executioner Ransomware infections by using remote backups, such as cloud services, to restore their files from undamaged copies. The Hidden Tear family also isn't among the most secure groups of file-encrypting Trojans that malware experts have identified, and free decryption may be possible. Like other Hidden Tear Trojans, the Executioner Ransomware doesn't damage the operating system intentionally, but it does represent a significant danger to a computer user's data, such as work or recreational content.

The Executioner Ransomware uses both Turkish and English in its ransom notes, and PC owners watching for possible infection vectors should keep this campaign's geographical preferences in mind. Recent trends show file-encrypting Trojans being installed through spam e-mail campaigns, although other methods also are in play. Regardless, standard PC security products should block and delete the Executioner Ransomware outright.

Prevention is always key to keeping threats from gaining the footholds necessary to wreak harm upon your PC and anything you save on it. A few minutes a day abiding by the right security tips can pay off in dividends, or Bitcoins, when it comes to handling Trojans like the Executioner Ransomware.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 118.78 KB (118784 bytes)
MD5: eec4f84d12139add6d6ebf3b8c72fff7
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: June 11, 2017

Registry Modifications

The following Registry values are newly created:

Regexp file mask: %USERPROFILE%\ransom.jpg
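As an added example (not code from the page or from the malware itself), a small Python triage helper that checks a directory listing for the two host indicators this entry describes: the %USERPROFILE%\ransom.jpg file mask and media files renamed with an appended extension of random characters. The list of targeted extensions, the thresholds and the sample paths are assumptions constructed for the example.

```python
import re
from collections import Counter

# Assumed set of document/media extensions the Trojan is described as targeting.
KNOWN_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt",
              "jpg", "jpeg", "png", "gif", "mp3", "mp4", "avi", "zip"}

# The page's file mask %USERPROFILE%\ransom.jpg: ransom.jpg directly in a
# Windows user-profile root such as C:\Users\<name>\ransom.jpg.
RANSOM_IMAGE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\ransom\.jpg$", re.IGNORECASE)

def appended_extension(path):
    """Return the unfamiliar trailing extension when a file name looks like
    <name>.<known ext>.<random ext>, which is how an appended ransomware
    extension presents; otherwise return None. Heuristic only: a stray
    backup suffix like .bak would also be flagged."""
    name = path.rsplit("\\", 1)[-1]
    parts = name.lower().split(".")
    if len(parts) < 3:
        return None
    known, tail = parts[-2], parts[-1]
    if known in KNOWN_EXTS and tail not in KNOWN_EXTS \
            and re.fullmatch(r"[a-z0-9]{3,12}", tail):
        return tail
    return None

def assess(paths, min_renamed=3):
    """Score a listing of file paths for the indicators described above."""
    notes = [p for p in paths if RANSOM_IMAGE.match(p)]
    tails = Counter(t for t in map(appended_extension, paths) if t)
    renamed = sum(tails.values())
    return {
        "ransom_image": notes,               # dropped ransom wallpaper(s)
        "appended_extensions": dict(tails),  # random tails seen, with counts
        "renamed_files": renamed,
        "suspicious": bool(notes) or renamed >= min_renamed,
    }

# Constructed sample listing resembling a post-infection user profile.
SAMPLE_PATHS = [
    r"C:\Users\alice\ransom.jpg",
    r"C:\Users\alice\Documents\budget.xlsx.k7qz2",
    r"C:\Users\alice\Documents\notes.docx.k7qz2",
    r"C:\Users\alice\Pictures\holiday.jpg.k7qz2",
    r"C:\Users\alice\Pictures\cat.png",
    r"C:\Users\alice\Documents\report.pdf",
]

if __name__ == "__main__":
    print(assess(SAMPLE_PATHS))
```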
