Flyper Ransomware

Posted: September 5, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 8
First Seen: September 6, 2016
OS(es) Affected: Windows

The Flyper Ransomware is a Trojan that encrypts your files and uses that attack to hold your information and media hostage until you pay a ransom. Victims have several alternative recovery options that don't entail paying a con artist for a decryptor that may never be provided. For stopping the original installation or removing the Flyper Ransomware afterward, malware experts can only recommend using dedicated anti-malware products.

The Latest Threat Flipping Your Files for Money

The Flyper Ransomware is a Trojan that malware researchers rate as a possible variant of the Hidden Tear project, a source of code that is inadvertently responsible for a variety of file-encrypting threat campaigns. Its attacks are examples of the standard operating procedure of these types of campaigns, with little that is technically original about them. However, the Flyper Ransomware can cause potentially permanent damage to your files, making it impossible to restore them.

The Flyper Ransomware's payload includes:

  • The Flyper Ransomware encrypts the data that Windows doesn't require for running, especially text documents (such as TXT, DOCX or DOC), spreadsheets, and other small file formats that may store valuable work records. The encoding process makes all of these files unusable until they are decrypted.
  • Although it's technically unrelated to the encryption itself, the Flyper Ransomware also appends its own extension to the files it attacks ('.the Flyper' at the end of each name). The rest of the original name, including the original extension, isn't erased, allowing victims to track the damage.
  • The Flyper Ransomware also creates new files in the directories of encrypted content: text notes that provide a walkthrough on how to purchase Bitcoins and send them to the wallet address of the con artist administrating the Flyper Ransomware's campaign. The con artist then supposedly reciprocates by providing you with a decryption service that undoes the Flyper Ransomware's encoding attack.
  • To prevent you from searching for other solutions to its attacks, the Flyper Ransomware also implements a 'lock screen' style pop-up announcing the attack. The pop-up will cover the entire screen and prevent you from minimizing it or switching window focus away from it.

The result is a locked computer with inaccessible files, at least, until you pay a ransom that might provide no relief from the Flyper Ransomware's payload.
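Because the original name and extension survive in front of the appended one, the damage can be inventoried from a file listing alone. The following is an added example, not code from this page's authors: the function names and sample paths are constructed, the suffix is copied as this page writes it, and treating plain .txt files beside encrypted files as possible ransom notes is an assumption, since the page does not name the note file.

```python
import os
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Appended suffix exactly as this page writes it; pass the suffix actually observed on disk.
MARKER = ".the Flyper"

def inventory(paths, marker=MARKER):
    """Map folder -> encrypted files (original name, original extension) and candidate notes."""
    report = defaultdict(lambda: {"encrypted": [], "note_candidates": []})
    plain_txt = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        folder, name = str(p.parent), p.name
        if len(name) > len(marker) and name.lower().endswith(marker.lower()):
            original = name[: -len(marker)]  # original name and extension are preserved
            ext = PureWindowsPath(original).suffix.lower()
            report[folder]["encrypted"].append((original, ext))
        elif p.suffix.lower() == ".txt":
            plain_txt[folder].append(name)
    # Assumption: a plain .txt beside encrypted files may be the dropped note
    # or simply an untouched file, so it is listed for manual review only.
    for folder, names in plain_txt.items():
        if folder in report:
            report[folder]["note_candidates"] = sorted(names)
    return dict(report)

def by_extension(report):
    """Count encrypted files per original extension, to size the recovery job."""
    return Counter(ext for entry in report.values() for _, ext in entry["encrypted"])

def scan_tree(root, marker=MARKER):
    """Inventory a real directory tree with a read-only walk."""
    return inventory((os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs), marker)

# Constructed sample listing; every file and note name here is invented for illustration.
SAMPLE = [
    r"C:\Users\a\Documents\report.docx.the Flyper",
    r"C:\Users\a\Documents\budget.xlsx.the Flyper",
    r"C:\Users\a\Documents\READ_ME.txt",
    r"C:\Users\a\Pictures\cat.jpg",
    r"C:\Users\a\Pictures\todo.txt",
    r"C:\Users\a\Desktop\notes.txt.THE FLYPER",
]

if __name__ == "__main__":
    for folder, entry in inventory(SAMPLE).items():
        print(folder, len(entry["encrypted"]), "encrypted; notes?", entry["note_candidates"])
    print(dict(by_extension(inventory(SAMPLE))))
```

The per-folder list of original names doubles as a checklist for restoring from backup or for verifying the output of a decryptor.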

Flipping an Open Source Trojan the Bird

'Free' sources of threat code like Hidden Tear can generate many varieties of Trojans with nearly identical payloads in a surprisingly short amount of time. Although con artists like the Flyper Ransomware's authors make efficient use of such resources, this means of threat development also provides the PC security industry with a head start on creating decryption tools that give any victims options besides paying a ransom. Since Hidden Tear decryptors are widely available at no charge, malware researchers recommend using those before taking any desperate financial actions regarding the Flyper Ransomware's extortion scheme.

Most anti-malware solutions should be able to detect and delete the Flyper Ransomware, like similar variants of Hidden Tear, with high rates of success. In spite of that, malware experts have yet to analyze the Flyper Ransomware's infection vectors, which may use sufficiently recent exploits to avoid detection until the Flyper Ransomware has encrypted some of your data. Many con artists prefer to distribute file-encrypting Trojans through forged e-mail messages, although attacks that aim at accounts with unreliable login security measures are also rising.

Doubtless, 'old' news like Hidden Tear remains relevant to the current day in threat news, with threat authors freely creating variants like the Flyper Ransomware while expending almost zero effort.