HappyCrypter Ransomware

Posted: September 26, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 91
First Seen: September 26, 2017
OS(es) Affected: Windows

The HappyCrypter Ransomware is a file-locking Trojan that encrypts your media files to keep you from opening them. Its attacks can coincide with hijackings of your desktop's background and pop-ups that show ransom-themed messages. Paying ransoms doesn't always give the victim a real decryption tool, and malware experts recommend disabling network connections, disinfecting your PC with anti-malware products best able to delete the HappyCrypter Ransomware safely, and retrieving your files from their last backups.

Heralds of Happiness for Amateur Con Artists

Completely independent Trojans are a relatively rare sight compared to misappropriated or RaaS ones, especially for threat actors who have little to no experience in designing threatening software. The HappyCrypter Ransomware is one of these minority cases, without any immediate relationship to such well-known and well-used families as Hidden Tear, the Crysis Ransomware, EDA2, or the Globe Ransomware. Although malware experts are judging this program as being in the middle of its initial development phase, the Trojan is receiving updates to improve its ability to attack and block the files of any victims.

The HappyCrypter Ransomware includes a three-part payload with two formats for displaying the instructions for its ransoms, as well as a data-encrypting feature. The latter function scans the infected PC for JPG pictures, DOC documents, and other media that the HappyCrypter Ransomware can encipher using an algorithm such as AES-128. Our malware experts also find that the HappyCrypter Ransomware may be targeting removable devices and other drives, in addition to the PC's main C drive. If not terminated beforehand, the HappyCrypter Ransomware finishes blocking all files matching its location and format conditions and then shows its ransoming messages.

The rest of the HappyCrypter Ransomware's payload resets the desktop to a custom image that delivers limited information, other than a general-purpose encryption notice. Most of the HappyCrypter Ransomware's ransoming instructions are in its pop-up window, which asks for a payment of 0.9 Bitcoins to a virtual wallet in exchange for returning your files. The Trojan (which is not a virus, despite its false assertion in the message) also claims that it can delete files if the user closes it, but malware experts find zero evidence of current builds having such a feature.

Keeping Crooks from Being Happier than They Deserve

The HappyCrypter Ransomware is one of a sizable number of Trojans without finalized payloads, although its threat actor has been updating it over the past few weeks. Without a full release, malware analysts can't determine how compatible this Trojan might be with free decryption solutions or how its author intends to install it. File-locking threats of note throughout the year often install themselves by exploiting email-based vulnerabilities or, for casual PC users, reckless file-downloading habits. Backing up your files for an easy restoration point is recommended for any user who might otherwise consider taking the risk of paying the HappyCrypter Ransomware's cryptocurrency ransom.

Because of its 'lone wolf' origins, detection rates for the HappyCrypter Ransomware infections by major AV brands are lower than those for familial threats (like Hidden Tear's CyberDrill Ransomware). Update the databases of your anti-malware products, when prompted, to help them identify new types of threatening software without any inaccuracies. While appropriate anti-malware programs should remove a CyberDrill Ransomware infection, they can't decode and unlock your files.

The CyberDrill Ransomware is a Windows-based Trojan with symptoms customized for attacking English speakers. Any other criteria in its campaign of file-based extortion remain up to future investigations to determine.
