Facebook Ransomware
Posted: June 20, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 5 |
| First Seen: | June 20, 2017 |
|---|---|
| Last Seen: | July 23, 2019 |
| OS(es) Affected: | Windows |
The Facebook Ransomware is a variant of Hidden Tear, a program designed as an example of how file-encrypting Trojans function originally. Along with its capability of damaging your files, possibly permanently, the Facebook Ransomware also may lock your screen with the pop-up through which it displays its ransoming conditions. Although appropriate anti-malware products may delete the Facebook Ransomware, malware experts also advise keeping backups to provide fallback recovery options.
The New Face Taking Your Files for Granted
Forks in the Hidden Tear family are continuing to propagate, even though many of these threats may show limited distributive efforts from their makers. However, with most of the work of creating a payload already done in the source code, even new offshoots like the Facebook Ransomware can feature both data-locking attacks that damage your files permanently, and other features, such as pop-ups that block Windows. Ransom payments, while recommended by the Facebook Ransomware and its competitors, are questionable means of restoring either your computer or any content that's encrypted.
The Facebook Ransomware can scan for and lock, through an AES-based encryption function, any of various file formats, including DOC, JPG and XLS. Default Windows locations like the desktop, downloads, and documents folders are vulnerable to these attacks particularly. Although the Facebook Ransomware's scan and encryption routine shows zero symptoms to the user, the Trojan concludes its payload with a pop-up.
This pop-up follows the same functions as Notepad ransom messages in previous versions of Hidden Tear. Its authors use the window to provide their prerequisites for paying to get access to the code for the file-unlocking decryptor built into Hidden Tear. While most elements of this HTML message appear to be copies of preexisting Web pages, malware experts did take note of the new and unusual use of Facebook branding for its background image. No evidence exists to imply that the Facebook website is propagating the Facebook Ransomware through disguised Web links to an exploit kit or other threat with drive-by-download features currently.
Shutting the Book Closed on a Hidden Tear Spin-Off
The Facebook Ransomware is mildly significant for being one of the few Hidden Tear-based threats to include a screen-locking function. Besides delivering its ransom demands, this feature also can stop you from accessing the Windows UI or other programs. Along with that, victims not familiar with the norms of the file-encrypting Trojan industry may be unaware that the Facebook Ransomware's ransoming method, Bitcoins, protects the con artists from refunds if they don't help you recover the locked files.
Backing up your content to locations not subject to being deleted, as the Shadow Copies often are, can protect documents and similar media from being ciphered by the Facebook Ransomware permanently. Unless malware researchers find new evidence confirming how this threat is distributing itself, infection vectors are expected to include such possibilities as spam e-mails, corrupted websites with script-based exploits and freeware bundles. For those users who refuse to back their files up, having an anti-malware product that can delete the Facebook Ransomware preemptively is the only definitive way to keep their content safe from encryption.
Threat actors always are eager to build a name for themselves, even if doing so often entails stealing the names of a legitimate business or service. Trojans like the Facebook Ransomware are little more than another point in the barrage of evidence showing that misconduct uses social engineering and brand awareness, just as much as legal marketing.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.