Fartplz Ransomware
Posted: May 18, 2017
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 155 |
| First Seen: | May 18, 2017 |
| Last Seen: | November 20, 2022 |
| OS(es) Affected: | Windows |
The Fartplz Ransomware is a Trojan that can lock your files by modifying their internal data, after which it extorts money in return for the unlocking software. Some file-blocking Trojans can have their attacks reversed by free software offered by the PC security industry, but, in other cases, full damage recovery is possible only through a backup. For dealing with this threat, malware experts recommend identifying and deleting the Fartplz Ransomware with anti-malware security tools before it can begin scanning for content to lock.
The Undesirable Aroma around Your File System
Among the many attacks of 2017 involving the hostage-taking of computer data, one detail that often stands out is how the con artists prefer to make their money from the scenario. For the latest Fartplz Ransomware campaign, malware analysts are seeing a dual-charging method that's unusual but not unprecedented, which raises implications for what types of systems the Trojan's threat actors are targeting. The victim has multiple options for paying for restoration but still has no guarantee that these people will not take the money without helping restore the damaged content.
The Fartplz Ransomware conducts encryption-based attacks on files that can include documents, compressed archives, images, spreadsheets, and other formats not directly related to the operating system. The Fartplz Ransomware flags the filenames of any media it encrypts with the '.fartplz' extension, which is not seen in other Trojan campaigns. The Trojan's final confirmed feature creates an HTML file that it places inside any folders with encrypted files or on the desktop.
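The two indicators above, the '.fartplz' extension and an HTML note placed beside encrypted files, can drive a quick triage scan of a suspect volume. The following Python is an added example, not code from this article or from any vendor; the function name `triage` and the report fields are hypothetical, and because the page does not give the note's file name, any HTML file next to encrypted files is treated only as a candidate note.

```python
import os
import sys
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_EXT = ".fartplz"       # extension reported on this page
NOTE_EXTS = {".html", ".htm"}    # page says the note is HTML; its name is not given


def triage(root):
    """Summarise folders under root that hold files with the Fartplz extension."""
    folders = {}
    earliest = None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        encrypted, notes = [], []
        for name in files:
            ext = Path(name).suffix.lower()
            if ext == ENCRYPTED_EXT:
                encrypted.append(name)
                try:
                    mtime = os.stat(os.path.join(dirpath, name)).st_mtime
                except OSError:
                    continue  # unreadable or vanished; it is still counted above
                earliest = mtime if earliest is None else min(earliest, mtime)
            elif ext in NOTE_EXTS:
                notes.append(name)
        if encrypted:  # HTML files are only of interest next to encrypted files
            folders[dirpath] = {"encrypted": sorted(encrypted),
                                "candidate_notes": sorted(notes)}
    return {
        "folders": folders,
        "total_encrypted": sum(len(f["encrypted"]) for f in folders.values()),
        # Heuristic: the oldest write time approximates when encryption began,
        # which helps choose a backup taken before that point.
        "earliest_mtime": earliest,
    }


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, info in result["folders"].items():
        print(f"{folder}: {len(info['encrypted'])} encrypted, "
              f"candidate notes: {info['candidate_notes']}")
    if result["earliest_mtime"] is not None:
        when = datetime.fromtimestamp(result["earliest_mtime"], timezone.utc)
        print("earliest encrypted-file write (UTC):", when.isoformat())
```

The scan is read-only. A note dropped only on the desktop, with no encrypted files beside it, will not appear in the report.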
The Fartplz Ransomware campaign has a lesser-used ransoming method that it communicates through that local Web page: offering to sell the file-unlocking decryptor on a system-by-system basis or a more expensive variant service that supposedly will unlock all encoded files on your network. The second often has associations with attacks against business, government and non-profit entity servers, and the high Bitcoin prices malware analysts are seeing (over five thousand USD, when converted) imply that the threat actors are targeting organizations with large stores of cash assets.
Waving Off a Malodorous Trojan
Although the Fartplz Ransomware's ransoming messages are similar in format to those of some older Trojans, there is no verifiable evidence yet of whether the Trojan is an independent development or a clone of past threats. High-value targets at risk for file-ransoming campaigns are most prominently subject to security failures through user error, such as keeping passwords that can be brute-forced or opening e-mail attachments. The latter may disguise themselves as memos or other content associated with a workplace environment, and can even embed drive-by-download exploits into genuine DOC or PDF documents.
Because malware analysts have not confirmed any free decryption option, a victim can ensure the safety of his files most efficiently by keeping backups that the Fartplz Ransomware can't delete. Locations such as cloud servers and detachable USB devices are traditionally secure from many threats of this type. For media that is not backed up, removing the Fartplz Ransomware with an anti-malware utility that detects it before the encryption can finish may be the only solution.
The prices of the Fartplz Ransomware's campaign are high enough that even premium backup software and anti-malware suites combined are notably less costly than paying a ransom. It should seem obvious to most workers, but any server worth paying thousands of dollars to restore is also worth paying much less to protect.