
GruxEr Ransomware

Posted: May 10, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 40
First Seen: May 10, 2017
OS(es) Affected: Windows


The GruxEr Ransomware is a Trojan from the Hidden Tear family that uses AES-based encryption, in addition to other attacks, to block different file formats. It then displays a screen-locker window that asks you to pay its ransom within three days, although most PC users should try other recovery techniques that don't require upfront payments. You can defend your files against this threat by backing them up diligently and using anti-malware products to catch and remove the GruxEr Ransomware when it tries to attack your PC.

A Trojan Doing More to Your Files than It Admits

Although data encryption by itself is often threatening enough to provoke ransom payments from its victims, it's not always irreversible. Some threat actors are experimenting with adding extra attack capabilities to a new variant of Hidden Tear, which includes a semi-custom ransoming pop-up and a special attack targeting JPG pictures. By supplementing Hidden Tear's encryption with these new features, the GruxEr Ransomware makes itself even more threatening to the media on an infected PC.

Malware experts can isolate the GruxEr Ransomware into three primary components:

  • The Hidden Tear executable runs a relatively indiscriminate encryption routine using an AES cipher to encipher and block different content, such as text documents.
  • The 'worm' component (the name is its brand name, rather than its classification as a threat) searches for JPG content and modifies these files by injecting data from a bundled PNG image. The same component also replaces the icons of the pictures with ones referencing the GruxEr Ransomware.
  • The pop-up-displaying executable loads once the other attacks conclude, and delivers instructions on paying Bitcoins using a template commonly found in several Trojan campaigns. The GruxEr Ransomware's authors did include a unique wallet address and background image to help distinguish this Trojan from older ones.

Besides the extra damage done to JPGs, the GruxEr Ransomware currently is identical in execution to the majority of Hidden Tear variants, which can block your data permanently until you decrypt it or restore from a backup.
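Because the 'worm' component rewrites JPG files with PNG data while leaving their names intact, a responder can triage a volume for pictures whose bytes no longer match a JPEG. The script below is an added example, not code from the page or from the Hidden Tear or GruxEr authors; it assumes (the page does not say where the PNG data lands) that a tampered file either loses its JPEG header or carries the PNG signature somewhere inside, and it builds constructed sample files in a temporary directory so it runs offline.

```python
"""Triage scan for *.jpg files tampered with by injected PNG data.
Added example; assumes injected PNG bytes either overwrite the JPEG
header or sit somewhere inside a file that still has a .jpg name."""
import os
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"          # SOI marker every JPEG starts with
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"      # 8-byte PNG file signature


def classify_jpg(data: bytes) -> str:
    """Return 'clean', 'bad-header' or 'png-injected' for one *.jpg file's bytes."""
    if not data.startswith(JPEG_MAGIC):
        return "bad-header"            # file no longer begins as a JPEG
    if PNG_MAGIC in data:
        return "png-injected"          # header intact, PNG signature embedded
    return "clean"


def scan_directory(root: str) -> dict:
    """Walk root; map each suspicious *.jpg/*.jpeg path to its verdict."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith((".jpg", ".jpeg")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict = classify_jpg(fh.read())
            if verdict != "clean":
                findings[path] = verdict
    return findings


def demo() -> dict:
    """Write constructed samples to a temp dir; return verdicts keyed by file name."""
    samples = {  # constructed test data, not real malware artifacts
        "intact.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
        "appended.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 16 + PNG_MAGIC + b"\x00" * 8,
        "overwritten.jpg": PNG_MAGIC + b"\x00" * 24,
        "notes.txt": b"not a picture, skipped by the scan",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(blob)
        return {os.path.basename(p): v for p, v in scan_directory(tmp).items()}


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name}: {verdict}")
```

A file flagged 'bad-header' or 'png-injected' should be restored from backup rather than opened; the check says nothing about files the encryption component handled, which keep their own extension changes.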

Hiding Your Photos Away from Programs with Bad Intentions

The GruxEr Ransomware has yet to see deployment in the wild and may use any of several infection methods, including e-mail spam, brute-force attacks against business systems, and drive-by downloads launched through the victims' browsers. Since Hidden Tear decryptors are available at no cost, malware experts recommend testing them for data recovery purposes before taking any more drastic actions, such as paying ransoms. Notably, the GruxEr Ransomware and other members of Hidden Tear can also be defeated by remote backups, which allow full data recovery, although they may delete local Windows SVC backups.

Symptoms of GruxEr Ransomware infections are extremely high in visibility, including changes to icons and pop-ups that may block your access to your desktop. Still, these symptoms only become apparent after the file damage is done, which is one of the various reasons why preemptively securing your PC is vital. Attentive password and browser settings management, when supplemented by anti-malware protection, can block infection attempts or help you remove the GruxEr Ransomware before it reaches your files.

The GruxEr Ransomware offers the worst of both worlds by combining preexisting Trojans into a cohesive threat with double the usual attack capabilities. Even so, it is just as readily surmountable by the same security practices that are potent against less complicated versions of Hidden Tear.
