
FessLeak Ransomware

Posted: February 6, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 45
First Seen: February 6, 2015
OS(es) Affected: Windows

The FessLeak Ransomware is a file locker Trojan that uses encryption to make your files unreadable and then displays a ransom notification to pressure you into paying for a reversal of the procedure. There are multiple variants of the FessLeak Ransomware with significant structural differences between them; consequently, having updated anti-malware products can be essential to detecting (and, hence, removing) the FessLeak Ransomware appropriately. Browser security is critical for avoiding FessLeak Ransomware attacks, which malware researchers have associated with various corrupted Web advertisements.

The Trojan that can Attack Your Files without Having Any of Its Own

The FessLeak Ransomware is a file encryptor that was first seen in mid-to-late 2014, with its campaign continuing into the new year. Like other threats of the same classification, such as the Critoni Ransomware or BUYUNLOCKCODE, the FessLeak Ransomware uses encryption to scramble the contents of an infected machine's files, such as documents or images. The FessLeak Ransomware then demands that its victims purchase a decryption key. Although some evidence has arisen pointing to Russia-based persons as the culprits responsible for the FessLeak Ransomware campaign, PC users of all nations are at risk from its advertising-based distribution exploit.

So far, the FessLeak Ransomware's perpetrators have made use of advertisement bidding systems to gain access to major advertising networks on reputable domains. Affected domains include well-known ones like the Match.com dating site, the liberal news site HuffingtonPost.com and the image-hosting site of Photobucket.com. Malware researchers can confirm the relative brevity of these attacks, which use a shifting domain architecture that terminates after eight hours, but then renews in future attacks, with new URLs. Unprotected PCs loading compromised sites in their browsers would suffer from automatic installations and launches of the FessLeak Ransomware.

An old version of the FessLeak Ransomware is notable for avoiding dropping files on the victim's hard drive. Instead, this variant of the FessLeak Ransomware is extracted directly to the system's memory, via a default Windows tool. A new version of the FessLeak Ransomware does drop files on your PC, in combination with the abuse of zero-day Flash exploits that allow the drive-by-install to take place. Preliminary research suggests that this new version of the FessLeak Ransomware does take multiple steps to block its detection from major anti-malware products, such as hash rotation and the auto-detection of VE (virtual environment) systems.

Plugging the File-Ransoming Leak

Although the file hostage-taking attacks of file encryptors like the FessLeak Ransomware can be resolved by as basic a defense as using a remote file backup, infection prevention continues to be the ideal scenario. Malware researchers can recommend updating Flash routinely to cut down on inherent vulnerabilities. However, in light of the abuse of zero-day (unpatched) attacks, other means of protecting your PC also may be needed. Anti-malware products with browser security functions may be able to identify corrupted domains or content linked to the FessLeak Ransomware.

The FessLeak Ransomware derives its name from the shared e-mail address used in the registration of many of the domains linked to its campaign. The proliferation of dozens of these websites, as well as the routine updates in their organization, makes an obvious case for the FessLeak Ransomware's campaign being competent and attentively maintained. PC users may need to be just as attentive to their online security, even while browsing 'safe' Websites, to keep the FessLeak Ransomware from getting a foothold on their machines.
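The two infrastructure traits described above, a shared registrant e-mail across many campaign domains and an eight-hour domain lifetime, are exactly the kind of pattern a defender can pivot on when triaging newly seen ad-network domains. The following Python is an added example and is not code from the original write-up or from any researcher cited here; it works over constructed WHOIS-style records (the domain names, e-mail addresses and timestamps are invented placeholders, not FessLeak indicators) and the cluster-size and age thresholds are assumptions chosen to illustrate the technique.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List

# Constructed sample records in a WHOIS-like shape. None of these domains or
# addresses are real campaign indicators; they exist only to exercise the logic.
SAMPLE_RECORDS = [
    {"domain": "ad-cdn-a1.test", "registrant_email": "registrant-a@example.test", "created": "2015-02-06T05:00:00Z"},
    {"domain": "ad-cdn-a2.test", "registrant_email": "registrant-a@example.test", "created": "2015-02-06T08:30:00Z"},
    {"domain": "ad-cdn-a3.test", "registrant_email": "registrant-a@example.test", "created": "2015-02-06T11:00:00Z"},
    {"domain": "ad-cdn-a4.test", "registrant_email": "registrant-a@example.test", "created": "2015-02-01T00:00:00Z"},
    {"domain": "ad-cdn-b1.test", "registrant_email": "registrant-b@example.test", "created": "2015-02-06T10:00:00Z"},
    {"domain": "ad-cdn-c1.test", "registrant_email": "registrant-c@example.test", "created": "2015-02-06T09:00:00Z"},
    {"domain": "ad-cdn-c2.test", "registrant_email": "registrant-c@example.test", "created": "2015-02-06T09:30:00Z"},
]

# Fixed "now" so the example is deterministic offline (assumed analysis time).
REFERENCE_TIME = datetime(2015, 2, 6, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class DomainRecord:
    domain: str
    registrant_email: str
    created: datetime


def parse_record(raw: dict) -> DomainRecord:
    """Normalise one raw record: lower-case the e-mail and parse the UTC timestamp."""
    created = datetime.strptime(raw["created"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return DomainRecord(
        domain=raw["domain"].lower(),
        registrant_email=raw["registrant_email"].strip().lower(),
        created=created,
    )


def load_sample() -> List[DomainRecord]:
    return [parse_record(r) for r in SAMPLE_RECORDS]


def cluster_by_registrant(records: List[DomainRecord]) -> Dict[str, List[str]]:
    """Group domains by the e-mail address used to register them (the FessLeak pivot)."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        clusters[rec.registrant_email].append(rec.domain)
    return dict(clusters)


def flag_campaign_domains(
    records: List[DomainRecord],
    now: datetime,
    min_cluster_size: int = 3,          # assumed threshold: "many" domains share one registrant
    max_age: timedelta = timedelta(hours=8),  # matches the eight-hour lifetime described in the text
) -> List[str]:
    """Return domains that (a) belong to a registrant cluster of at least
    min_cluster_size domains and (b) were created within max_age of `now`.
    Both conditions together are the defender's signal; either alone is noisy."""
    clusters = cluster_by_registrant(records)
    flagged = []
    for rec in records:
        age = now - rec.created
        in_large_cluster = len(clusters[rec.registrant_email]) >= min_cluster_size
        freshly_registered = timedelta(0) <= age <= max_age
        if in_large_cluster and freshly_registered:
            flagged.append(rec.domain)
    return sorted(flagged)


if __name__ == "__main__":
    recs = load_sample()
    for email, domains in cluster_by_registrant(recs).items():
        print(f"{email}: {len(domains)} domain(s)")
    print("flag for blocking/review:", flag_campaign_domains(recs, now=REFERENCE_TIME))
```

In practice the records would come from passive-DNS or WHOIS history for domains observed in ad-network traffic, and the flagged list would feed a browser-security or proxy block list for review; the older domain in the large cluster is deliberately left unflagged, since a rotated-out domain is context for the cluster rather than a live threat.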
