
File Spider Ransomware

Posted: December 11, 2017

Threat Metric

Threat Level: 6/10
Infected PCs: 0
First Seen: August 8, 2022
Last Seen: June 3, 2023
OS(es) Affected: Windows

The File Spider Ransomware is a file-locking Trojan that can block your ability to open various media formats. This threat sells its decryption key through a website-based ransoming mechanism and is often distributed in corrupted documents. By default, all PC users should have their anti-malware products delete the File Spider Ransomware preemptively and use backups as a free substitute for paying its cryptocurrency fee.

Trojans Building Webs for Bitcoins

Some unusually innovative threat actors are administering a campaign that uses an entirely new brand of file-locking threat, the File Spider Ransomware, for converting encryption attacks into money. While the File Spider Ransomware is not a member of families like Hidden Tear or the often-imitated WannaCryptor Ransomware, it does carry a payload with a similar style of attacks that may damage your files to sell a customized restoration service. Malware analysts can verify this Trojan's payload as fully working and the threat as being in deployment.

The File Spider Ransomware's installers are circulating through a malicious macro that threat actors are inserting in fake documents, with the subject matter targeting readers interested in the Bayer company's Crop Science division. Enabling the macro requires clicking through a prompt to display all content. Once the user gives this consent, the File Spider Ransomware can install and proceed with its attacks.

The File Spider Ransomware consists of several components: an 'enc' executable, a 'dec' executable, and a shortcut to its ransom pop-up. One of the modules handles the file-locking attack, which may block different formats of media, such as documents, by encrypting them with an AES algorithm. In the meantime, the File Spider Ransomware also may disable some security applications and features, such as the Process Explorer, to give itself full access to your files.

The shortcut launches the File Spider Ransomware's second module, which displays an unusually-formatted pop-up window. However, the content is a traditional warning and a recommendation to access the threat actor's TOR site, insert the custom-generated ID string, and pay Bitcoins for the file-unlocking code. Since the File Spider Ransomware's Bitcoin ransom is under 200 USD in value, malware experts rate it as most likely that the File Spider Ransomware isn't campaigning against corporate or government networks.

Staying out of the File Spider Ransomware's New-Spun Trap

The File Spider Ransomware's infection vector, while a popular option among threat actors using similar Trojans, also includes some limitations for installing it. Victims who don't enable macros should remain uninfected regardless of whether or not they read the document. Most anti-malware scanners should, when analyzing these e-mail attachments, be able to detect the bad script before the File Spider Ransomware's installation happens.

Although malware experts have yet to determine whether the File Spider Ransomware's cipher is breakable by third-party software, they recommend keeping backups for alleviating any temporary damage to your PC's locally-saved documents and media. Paying a Bitcoin fee exposes the victim to the risk of spending money without receiving a real decryption code, or of purchasing a decryptor that produces bugged and unreadable output. All users without significant cyber-security experience should have an anti-malware product handle uninstalling the File Spider Ransomware, and retrieve their files after the fact.

The File Spider Ransomware is enjoying not-insignificant support and organization from its threat actors, so far. Users who don't want to take the risk of seeing '.spider' extensions marking the newfound illegibility of their files should be ready to keep backups.
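For scoping a restore from backup, the following added example (not part of the original article, and not derived from the Trojan's code) walks a directory tree, counts files carrying the '.spider' extension per folder, and reports the earliest and latest modification times among them. It assumes the extension is the last part of the file name and that each file's modification time reflects when it was locked; the sample file names and timestamps are constructed.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

MARKER = ".spider"  # extension named on this page


def scan_for_locked_files(root):
    """Summarise files under root whose name ends with MARKER (case-insensitive)."""
    per_dir = defaultdict(int)
    first = last = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or removed mid-scan; skip it
            per_dir[dirpath] += 1
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
    def to_utc(ts):
        return None if ts is None else datetime.fromtimestamp(ts, timezone.utc)

    return {"total": sum(per_dir.values()), "per_dir": dict(per_dir),
            "first_marked": to_utc(first), "last_marked": to_utc(last)}


def build_sample_tree(root):
    """Constructed sample data: file names and timestamps are invented."""
    layout = {"Documents/report.docx.spider": 1513000000,
              "Documents/notes.txt.spider": 1513000060,
              "Pictures/photo.jpg.SPIDER": 1513000120,
              "Pictures/untouched.png": 1512000000}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary = scan_for_locked_files(tmp)
        print(summary["total"], "marked files; restore from a backup older than",
              summary["first_marked"])
```

A backup taken before the earliest reported time predates every marked file found in the scan.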
