
FlatChestWare Ransomware

Posted: August 23, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 9
First Seen: August 23, 2017
Last Seen: October 14, 2021
OS(es) Affected: Windows

The FlatChestWare Ransomware is a variant of Hidden Tear, a Trojan project originally intended as a non-harmful demonstration of how con artists use encryption to hold files hostage. Besides using a standard, data-encrypting attack to lock your files, the FlatChestWare Ransomware also includes custom graphics for its ransoming instructions and can pretend to be a Windows update. Anti-malware programs should delete the FlatChestWare Ransomware before it can endanger any content on your PC, and free decryptors can also help victims who lack undamaged backups.

Hidden Tear Goes Full Anime

Although it has more than a little competition, minor variants on the common theme of Hidden Tear persist as one of the top formats for file-encrypting threats throughout the year. Individual threat actors often separate themselves from their counterparts by aesthetic and ransom-related differences, such as the FlatChestWare Ransomware and its unusual choice of theme. Although this Trojan requires the victim to launch it manually for its attacks to take place, it includes a disguise for its encryption operations, after which an anime-themed warning screen greets the victim.

When running, the FlatChestWare Ransomware begins an encryption routine that searches for file types such as DOC or JPG and encrypts them using an AES-based cipher. So that the victim can identify what content is at risk, it also appends a '.flat' extension to the end of each of these files' names. More unusually, however, when it finishes this attack, the FlatChestWare Ransomware also generates a fake Windows update alert asking the victim to restart the computer. Malware experts rarely see this feature in Hidden Tear-based Trojans, since it requires additional work from the threat actor.
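The two observable indicators described above, the appended '.flat' extension and AES-encrypted (high-entropy) file contents, are enough for a responder to triage a suspect directory and decide which files to copy aside before testing a free decryptor. The following script is an added example written for this page, not code from the original article or from the Hidden Tear project; the entropy threshold of 7.5 bits per byte and the sample files it builds in a temporary directory are constructed assumptions.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the page reports FlatChestWare appends to encrypted files.
RANSOM_EXT = ".flat"
# Bits of entropy per byte above which content looks encrypted or compressed.
# 7.5 is an assumed triage threshold, not a value taken from the page.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; AES output approaches 8.0, documents sit far lower."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def triage_directory(root: str) -> dict:
    """Walk `root` and bucket each file by the two indicators the page describes:
    the '.flat' extension, and encrypted-looking content even when the extension
    is absent (a renamed-back file, or a file the rename step never reached)."""
    report = {"renamed": [], "high_entropy": [], "clean": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if path.suffix == RANSOM_EXT:
            report["renamed"].append(str(path))
        elif len(data) >= 256 and shannon_entropy(data) >= ENTROPY_THRESHOLD:
            report["high_entropy"].append(str(path))
        else:
            report["clean"].append(str(path))
    return report


def build_sample_tree() -> str:
    """Constructed sample data (not real victim files): one readable document,
    one random-looking file carrying the '.flat' extension, and one random-looking
    file that kept its original name."""
    root = tempfile.mkdtemp(prefix="flatchest_triage_")
    (Path(root) / "report.doc").write_bytes(b"Quarterly report. " * 64)
    (Path(root) / "photo.jpg.flat").write_bytes(os.urandom(4096))
    (Path(root) / "notes.txt").write_bytes(os.urandom(4096))
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    result = triage_directory(sample)
    for category, files in result.items():
        print(f"{category}: {len(files)}")
        for f in files:
            print("   ", f)
```

Run it against a copy of the affected directory rather than the live one; the "renamed" bucket is the set to preserve for decryptor testing, and a non-empty "high_entropy" bucket is a sign that the extension alone is not a complete inventory of what the Trojan touched.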

After the reboot, the FlatChestWare Ransomware shows its ransoming instructions through a pop-up that includes various standardized features, such as a custom wallet field for transferring payment, a built-in decryption button, and a 'help' button for more information. The threat actor, appropriately named Loli, also includes a screenshot of a young girl from a Japanese animation, which gives the Trojan a visually distinctive theme. Bitcoins remain the preferred payment method, which gives the con artist the option of keeping the money and withholding any decryption help without the risk of refunds.

Escorting Little Encryption Girls Back Home

No matter how valuable your media is, paying a ransom to decrypt your files is always a last-resort data recovery option, to be avoided until all other options fail. Since malware researchers find that most versions of Hidden Tear are relatively easy to decrypt, victims can copy their blocked files and test appropriate free decryption tools to see whether the FlatChestWare Ransomware's attack can be reversed. Other families of Trojans with stronger encryption methods may require different solutions, such as having a backup that the Trojan can't access to delete or encrypt.

Although some threats do prefer installing themselves through fake Windows updates, malware experts have yet to determine whether the FlatChestWare Ransomware's update-based theme is limited to its payload or is also part of its delivery method. Regardless of any disguises, anti-malware programs with any history of removing Hidden Tear-based threats should also delete the FlatChestWare Ransomware by default. Identifying a FlatChestWare Ransomware infection by its post-infection symptoms, such as pop-ups, always carries the risk of allowing your files to be enciphered, deleted or corrupted.

Con artists like the FlatChestWare Ransomware's author are always looking for ways to make their Trojans stand out from the crowd. Despite that, even an adorable mascot is no greater reassurance that your ransom is paying for real data recovery, as opposed to the drier but more practical efforts of various cyber security researchers.
