
Goofed Ransomware

Posted: November 15, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 14
First Seen: May 17, 2021
Last Seen: September 9, 2021
OS(es) Affected: Windows

The Goofed Ransomware is a minor variation of Hidden Tear, a Trojan whose widely available code can be repurposed for attacks that lock files and extort money. Malware experts have yet to see the Goofed Ransomware campaign progress into live deployment, but the Trojan remains fully capable of preventing users from opening their files indefinitely. Always have your anti-malware programs block or uninstall the Goofed Ransomware when they identify it, and recover your locked data through backups or other, equally free solutions.

The Price of a Little Goof

A threat actor with the profile name of 'Stan' is developing a new version of the Hidden Tear Trojan, with a fledgling campaign that already includes cryptocurrency-based extortion and dedicated points of contact for negotiations over free e-mail accounts. Since Hidden Tear already includes working features for encrypting data, the Goofed Ransomware can immediately block any victim it attacks from using their files. Any other features that might see inclusion in the campaign's deployment, such as wallpaper hijackings, remain speculative.

For its payload, malware experts find no sharp deviations from the standard operating procedure of the original Hidden Tear: the Goofed Ransomware continues to conceal its data-locking attacks behind a memory process that shows no user interface, and it uses the AES algorithm for encryption. Users can identify all files that the Goofed Ransomware 'locks' by this method by searching for the '.goofed' extension, which it appends after the original format extension without erasing it.

The Trojan also creates a Notepad file, which it places in the same directories as any blocked data. The included message provides a Bitcoin wallet address, a 100 USD cryptocurrency ransom to 'buy' the file-unlocking solution, and an e-mail address for negotiating with the threat actor. Although many versions of Hidden Tear do include decryption functions, malware analysts advise against paying for them, since cybercrooks may take the money without handing over the decryption key for your files.
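The two observable traces described above (the '.goofed' marker appended after the original extension, and a Notepad text file dropped into each affected directory) are enough for a defender to triage an infected machine: enumerate the locked files, recover each file's original name and format, and locate candidate ransom notes. The following Python script is an added example written for this page, not code from the original article or from any security vendor. It builds a constructed sample directory tree (not real malware output) so it runs offline; the assumption that any '.txt' file sitting beside locked files is a candidate note is a heuristic, since the page does not give the note's file name.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Marker the page reports the Trojan appends after the original extension (e.g. "report.docx.goofed").
LOCKED_SUFFIX = ".goofed"


def original_name(locked: Path) -> Path:
    """Strip only the appended '.goofed' marker; the original extension is left intact."""
    if locked.suffix != LOCKED_SUFFIX:
        raise ValueError(f"{locked} does not carry the {LOCKED_SUFFIX} marker")
    return locked.with_suffix("")  # with_suffix("") removes just the last suffix


def find_locked_files(root) -> list:
    """Recursively list every file carrying the '.goofed' marker under root."""
    root = Path(root)
    return sorted(p for p in root.rglob(f"*{LOCKED_SUFFIX}") if p.is_file())


def triage(root) -> dict:
    """Summarise the damage: locked files per directory, original formats hit, candidate notes."""
    locked = find_locked_files(root)
    by_dir = Counter(str(p.parent) for p in locked)
    by_ext = Counter(original_name(p).suffix.lower() or "(none)" for p in locked)
    # Assumption (heuristic, not from the page): the Notepad file dropped beside the
    # locked data is a '.txt' file, so flag every '.txt' in an affected directory.
    notes = sorted(
        str(t) for d in by_dir for t in Path(d).glob("*.txt") if t.is_file()
    )
    return {
        "locked_count": len(locked),
        "by_dir": dict(by_dir),
        "by_ext": dict(by_ext),
        "candidate_notes": notes,
    }


def build_sample_tree() -> Path:
    """Constructed sample tree for an offline demo; the file names are made up."""
    root = Path(tempfile.mkdtemp(prefix="goofed_triage_"))
    docs = root / "Documents"
    pics = root / "Pictures"
    docs.mkdir()
    pics.mkdir()
    for name in ["report.docx.goofed", "budget.xlsx.goofed", "notes.txt"]:
        (docs / name).write_bytes(b"x")
    for name in ["cat.gif.goofed", "archive.zip.goofed", "untouched.png"]:
        (pics / name).write_bytes(b"x")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    report = triage(sample_root)
    print(f"Locked files: {report['locked_count']}")
    for directory, count in report["by_dir"].items():
        print(f"  {directory}: {count}")
    print("Original formats hit:", report["by_ext"])
    print("Candidate ransom notes:", report["candidate_notes"])
    for locked in find_locked_files(sample_root):
        print(f"  {locked.name} -> {original_name(locked).name}")
```

Because the marker is appended rather than substituted, the original extension survives in the file name; the per-format counts tell an incident responder which backup sets (documents, images, archives, Office files) need restoring, and the directory list shows where to look for the note before the files are wiped and restored.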

Recovering from a File-Encrypting Goof-Up

The Goofed Ransomware's attacks may, potentially, target any type of data that Stan specifies in the Trojan's internal list of formats. However, current configurations of the Trojan pose the most risk to text documents, images such as GIFs, archives such as ZIP or RAR, and Microsoft Office content. To enable a fast post-infection recovery of any lockable data, malware experts strongly recommend keeping your backups on a non-local storage drive. The Goofed Ransomware and other versions of Hidden Tear also can be compatible with the decryption tools that the security industry provides at no charge.

Threat actors frequently attach Trojan droppers and downloaders for file-locking threats to e-mail spam, but they also disguise them as downloads for other media (such as pirated movies or games). For corporate targets, Trojans like the Goofed Ransomware often are introduced into an already-compromised network with inadequate password protection. However, a majority of anti-malware products can identify Trojans of the Hidden Tear family and should delete the Goofed Ransomware before it blocks any of the PC's local files.

'Stan' may be hoping to turn each lapse in judgment about your PC's security into the equivalent of a hundred dollars of profit, but the Goofed Ransomware is no more or less threatening than any other divergent branch of the sprawling Hidden Tear family. As always, the best protection against the Goofed Ransomware is proactive and involves maintaining strong passwords, regular backups and relevant security software.
