Freshdesk Ransomware

Posted: May 12, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 1,555
First Seen: May 12, 2017
Last Seen: May 8, 2023
OS(es) Affected: Windows

The Freshdesk Ransomware is a Trojan that locks your files with encryption and delivers its ransom demands through the Freshdesk helpdesk Software-as-a-Service (SaaS) platform. Although it uses a legitimate customer service product, the Freshdesk Ransomware is threatening software and can cause long-term damage to your files. Recommended safety measures include blocking or removing the Freshdesk Ransomware with anti-malware software and saving extra copies of your files on other computers or devices.

Ransoms Delivered Smelling Fresh

Although Trojans are mostly noted for the attacks they commit and the associated damage, many file-encrypting Trojans are also identifiable through their accompanying social engineering techniques. The Freshdesk Ransomware is one of the most 'user-friendly' samples of this kind of threat that malware experts can corroborate for spring, and it uses simple formatting services from a legitimate company to 'grease the wheels' of its extortion.

While malware experts can't yet confirm what encryption method the Freshdesk Ransomware uses, the Trojan's payload does include file-blocking attacks operating via a standard enciphering function. Once encoded, the files are identifiable both by their refusal to open and by the '.www' extension that the Freshdesk Ransomware adds to their names. Other symptoms, such as hijacked wallpaper or icon modifications, are possible but not verifiable at this early date in the Trojan's campaign.
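The '.www' marker described above can be used to scope an infection. The following is an added example, not code from this page or from any vendor: it walks a directory tree, counts marked files per folder, and reports the modification-time window of the affected files. It assumes the marker is appended after the original extension; the function names and sample file names are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

MARKER = ".www"  # extension the page says is added to encrypted file names


def scan_for_marker(root, marker=MARKER):
    """Walk root and summarise files whose names end in the marker extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Require something before the marker so a file named ".www" is ignored.
            if name.lower().endswith(marker) and len(name) > len(marker):
                path = os.path.join(dirpath, name)
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                hits.append((path, name[: -len(marker)], mtime))
    if not hits:
        return {"count": 0, "by_dir": {}, "original_types": {}, "window": None}
    by_dir = Counter(os.path.dirname(p) for p, _o, _m in hits)
    # Assumption: the marker follows the original extension, so the inner
    # extension shows which file types were hit.
    types = Counter(os.path.splitext(o)[1].lower() or "(none)" for _p, o, _m in hits)
    times = [m for _p, _o, m in hits]
    # Earliest and latest modification times bound when the renaming happened.
    window = tuple(datetime.fromtimestamp(t, timezone.utc).isoformat()
                   for t in (min(times), max(times)))
    return {"count": len(hits), "by_dir": dict(by_dir),
            "original_types": dict(types), "window": window}


def build_sample_tree(root):
    """Constructed sample data: three marked files and two untouched ones."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("docs/report.docx.www", "docs/budget.xlsx.www",
                "photo.jpg.www", "docs/notes.txt", "www"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_for_marker(tmp))
```

A '.www' suffix alone is not proof of encryption, so treat hits as leads to confirm against backups or known-good copies.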

The Freshdesk Ransomware's most distinctive component is the simple HTML file it uses for its ransom note. The Trojan's threat actors are using the legitimate Freshdesk SaaS service's format for the built-in 'customer support' content, including e-mail communications and a button for buying the decryptor. The Freshdesk Ransomware also displays what is most likely a configurable ransom amount, currently set at 0.5 Bitcoins (878 USD). This is the first case malware experts can note of a file-encrypting Trojan embedding a Freshdesk-style customer help service into the ransom message, which is usually nothing more than several lines of text.

Getting the New Freshness Off Your Computer Desk

The Freshdesk Ransomware's campaign is an interesting illustration of what con artists do to encourage victims to take actions with questionable benefits, such as paying ransoms for decryptors that may not be functional or forthcoming. However easy the Freshdesk Ransomware makes it to pay, the Trojan's authors may not honor any agreement or help you recover your files. Victims who did not back up their media beforehand should contact specialized malware researchers to see whether decoding the Freshdesk Ransomware's payload is possible.

The Freshdesk Ransomware campaign is relatively new, with limited sightings of the threat verifiable by malware analysts. Although its infection strategies may differ from the most commonly used methods, most threat actors distribute file-encrypting Trojans through e-mail spam attachments, website-based threats like the RIG Exploit Kit, or brute-force attacks against low-quality passwords. Educated, cautious Web-browsing behavior, good password management, and passive anti-malware protection can defend your PC against all of the above and delete the Freshdesk Ransomware when other threats try to install it.

Ease of use and a friendly, or otherwise deceptive, appearance are defining aspects of social engineering tactics. While Freshdesk's software isn't at fault, using its help features to pay a remote attacker is a file-unlocking solution with an undesirable outcome.