
Exolock Ransomware

Posted: September 19, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 32
First Seen: September 19, 2017
OS(es) Affected: Windows

The Exolock Ransomware is a file-locker Trojan that uses encryption to hold content such as pictures or movies hostage. Typical symptoms of its attacks include ransom-themed pop-ups, a desktop wallpaper applied without the user's consent, and changes to the extensions of your files. Keeping anti-malware products up to date so that they block or remove the Exolock Ransomware immediately protects the PC, and a backup strategy limits the damage to your media.

When a Bad Action Has a Backup Excuse

Encryption often isn't the only hazard in Trojans built to hold files hostage for money. Other dangers that malware experts sometimes see range from specialized backdoor connections to the complete 'wiping' or deletion of a hard drive. Most threat actors, however, prefer to pair attacks like those of the new Exolock Ransomware with features for deleting data or, more often, with merely the superficial appearance of such a feature.

The Exolock Ransomware uses an as-yet-unidentified encryption method to lock files on the infected PC and can target formats such as AVI movies, PDF documents and ZIP archives, among others. Once they can no longer be opened in their usual programs, the Exolock Ransomware appends a custom '.exolocked' extension to their names, presumably to help the victim identify which content is unreadable. Lastly, the Trojan generates an HTA (HTML Application) window to display its threat actor's ransom demands.
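Because the write-up cannot identify the encoding method, the first thing a responder wants to know is whether the '.exolocked' files are genuinely encrypted or only renamed. The following triage script is an added example, not code from the page or from any analysed sample; it assumes (the page does not say) that the victim's files keep their original name and merely gain the '.exolocked' suffix, and that the ransom note is dropped as an .hta file somewhere in the affected tree. It inventories locked files, checks whether the original format's magic bytes survive, and uses Shannon entropy of the file header to separate ciphertext-like content from intact data. The sample directory it builds is constructed test data.

```python
"""Triage helper for a directory hit by a file-locker that appends '.exolocked'.

Added illustration; not code from the page or from any analysed sample.
Assumptions (not stated on the page): locked files keep their original
name plus the '.exolocked' suffix, and the ransom note is an .hta file.
"""
import math
import os
import random
import tempfile
from collections import Counter

LOCKED_EXT = ".exolocked"
NOTE_EXT = ".hta"
SAMPLE_BYTES = 4096          # a header-sized sample is enough to judge entropy
ENCRYPTED_ENTROPY = 7.5      # bits per byte; real ciphertext sits near 8.0

# Magic bytes for the formats the write-up names as targets.
MAGIC = {
    ".pdf": lambda d: d.startswith(b"%PDF"),
    ".zip": lambda d: d.startswith(b"PK\x03\x04"),
    ".avi": lambda d: d[:4] == b"RIFF" and d[8:12] == b"AVI ",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_locked_file(path: str) -> dict:
    """Decide whether a '.exolocked' file looks encrypted or merely renamed."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    original = path[: -len(LOCKED_EXT)]
    orig_ext = os.path.splitext(original)[1].lower()
    ent = shannon_entropy(head)
    header_ok = MAGIC.get(orig_ext, lambda d: False)(head)
    if header_ok and ent < ENCRYPTED_ENTROPY:
        verdict = "renamed_only"       # strip the suffix and the file opens
    elif ent >= ENCRYPTED_ENTROPY:
        verdict = "likely_encrypted"   # needs a decryptor or a backup
    else:
        verdict = "unknown"            # low entropy, unrecognised format
    return {"path": path, "original_ext": orig_ext,
            "entropy": round(ent, 3), "verdict": verdict}


def triage(root: str) -> dict:
    """Walk `root`; inventory locked files by verdict and locate ransom notes."""
    report = {"locked": [], "notes": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(LOCKED_EXT):
                report["locked"].append(classify_locked_file(full))
            elif name.lower().endswith(NOTE_EXT):
                report["notes"].append(full)
    return report


def build_sample_dir() -> str:
    """Constructed test data: one ciphertext-like file, one merely renamed
    file, one untouched file and a stand-in ransom note. Returns the path."""
    root = tempfile.mkdtemp(prefix="exolock_triage_")
    rng = random.Random(20170919)
    noise = bytes(rng.getrandbits(8) for _ in range(SAMPLE_BYTES))
    with open(os.path.join(root, "holiday.avi" + LOCKED_EXT), "wb") as fh:
        fh.write(noise)                                        # ciphertext-like
    with open(os.path.join(root, "invoice.pdf" + LOCKED_EXT), "wb") as fh:
        fh.write(b"%PDF-1.4\n" + b"plain text body\n" * 200)  # header intact
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"untouched file\n")
    with open(os.path.join(root, "READ_ME.hta"), "wb") as fh:
        fh.write(b"<html><body>constructed stand-in for the ransom window</body></html>")
    return root


if __name__ == "__main__":
    report = triage(build_sample_dir())
    for item in report["locked"]:
        print(item)
    print("ransom notes:", report["notes"])
```

The entropy threshold is deliberately conservative: compressed formats such as ZIP already score close to 8 bits per byte, so a high score alone is only suggestive, which is why the magic-byte check is consulted first. A 'renamed_only' verdict means the data is recoverable by removing the suffix; 'likely_encrypted' means a backup or a working decryptor is the only way back.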

Besides a generic encryption warning and a Bitcoin wallet address for paying 0.01 BTC, the Exolock Ransomware's window also threatens to delete your files. Although many Trojans previously analyzed by malware experts, such as the Jigsaw Ransomware, do include deletion features, the Exolock Ransomware has no timing mechanism or other function that would suggest it can follow through on this warning. Its authors most likely add the bluff to stop the victim from looking for alternative recovery options before paying the ransom.

Examining the True Value of a Fraction of a Bitcoin

The very low ransom (under 50 USD at current Bitcoin conversion rates) appears to have been chosen by the Exolock Ransomware's author as part of a strategy of soliciting small, fast payments as soon as possible after an attack. Victims who pay may not realize that a Bitcoin payment cannot be reversed without the threat actor's cooperation, or that the promised decryption may never arrive. Free decryption solutions have yet to be tested against the Exolock Ransomware; malware experts recommend backing up your content so that such solutions are never needed.

No file-locking Trojan examined by malware experts has successfully deleted encrypted files in response to the victim terminating it. This holds even for genuinely deletion-capable threats like the Jigsaw Ransomware, which can erase data whenever the PC restarts or on a timer. With these risks in mind, PC users should avoid rebooting unless necessary and, when a reboot is unavoidable, use Safe Mode or bootable recovery media. Most anti-malware products should remove the Exolock Ransomware at the outset, before any files are at risk.

The Exolock Ransomware's author knows that the easiest way to gain leverage over most PC users is to threaten the contents of their machines. However, such warnings are often hot air, meant to deter you from the very actions that could disinfect your computer and save your media.
