
Haters Ransomware

Posted: May 12, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 59
First Seen: May 12, 2017
OS(es) Affected: Windows

The Haters Ransomware is a variant of FTSCoder, a Trojan that can encrypt your files and display messages that may ask you for ransom money to decrypt them. Free data recovery solutions are always emphasized in attacks of this type, which seek to damage your local media in ways that the threat actors may not necessarily reverse even when you pay them. When possible, use anti-malware products to block and delete the Haters Ransomware before it starts to encrypt any content.

Trojans Pretending to be More than They Are

While some forms of cyber warfare benefit from publicity, not everyone has the talent to create Trojans that get many headlines. Those without the skill sometimes borrow the brands of other campaigns, as readers can see with the Haters Ransomware's appropriation of the Cerber3 Ransomware label. Since the two Trojans aren't related, victims could choose the wrong recovery options and cause even more damage to their files than the Haters Ransomware originally does.

The Haters Ransomware is part of the latest wave of .NET Framework Trojans and has a payload highly similar to that of the FuckTheSystem Ransomware. Although still in development, the Haters Ransomware's payload does include some functional attacks, such as:

  • The Haters Ransomware uses an encryption algorithm to block files, which can include documents, pictures, spreadsheets or archives. The Trojan gives every file that it encodes an additional '.haters' extension, which lets the victim identify them.
  • The Trojan also generates a Windows dialog box that may, in the future, display ransom notes, such as requests for Bitcoin transfers. A simple, password-based decryption feature is also present in the same pop-up.

Using the appropriate decryption solution is critical to restoring the blocked files. Since much of the Haters Ransomware's default file data makes references to the third major version of the Cerber Ransomware, anyone trying free decryptor solutions may use the wrong application and destroy their media.
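Because the appended '.haters' extension is the marker that separates this Trojan from the Cerber family it imitates, an inventory of files carrying that extension helps confirm the threat and scope the restore before any decryptor is chosen. The Python script below is an added example, not part of the original article; it only reads the file system, and its function names and record fields are assumptions made for illustration.

```python
import os
from collections import Counter
from pathlib import Path

MARKER = ".haters"  # extension the article says is appended to each encrypted file


def inventory(root):
    """Walk root read-only and return one record per file carrying the marker."""
    records = []
    # onerror ignores unreadable directories so one access failure does not stop the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]  # name before the marker was appended
            if not original:
                continue  # a file literally named ".haters" is not a renamed file
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                size = None  # file vanished or is unreadable; still report it
            records.append({
                "path": str(path),
                "original_name": original,
                "original_ext": Path(original).suffix.lower() or "(none)",
                "size": size,
                # True when a file with the original name still sits beside it
                "plain_sibling": (Path(dirpath) / original).exists(),
            })
    return records


def summarize(records):
    """Count affected files per original extension to scope the restore."""
    return Counter(r["original_ext"] for r in records)


if __name__ == "__main__":
    import sys
    found = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for ext, count in summarize(found).most_common():
        print(f"{ext}\t{count}")
    print(f"total\t{len(found)}")
```

Run it against a user profile or share and compare the totals with what your backups cover; work on copies of the listed files when testing any recovery tool.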

Working Through a Mislabeled Trojan's Hate

Unlike the family of file-encrypting threats whose name it misappropriates, the Haters Ransomware has a variety of vulnerabilities that malware experts can point out for the sake of recovering blocked content. Victims can use free decryption solutions already hosted by other cybersecurity companies to decode their files, or use the hard-coded password of 'Masihmaubullyguaanjeng' to force the Trojan to unlock them. Because future releases might change this password or the encryption method, PC users should also consider having backups that provide further protection against its attacks.

The Haters Ransomware campaign isn't in its public deployment stage, and the possibility remains that its authors may never distribute it. If they do so, the infection vectors most likely to be used include forged e-mail messages and corrupted website scripts that can load drive-by-download exploits. Good Web-browsing habits and anti-malware protection can block many elements of these attacks and have a high chance of removing the Haters Ransomware before it starts encrypting any of your files.

The phenomenon of threat authors giving wrong intelligence to the people they're attacking is unlikely to go away soon. Anyone not taking the precautions to stop a Trojan infection in the first place will need to pay attention to how they remove threats like the Haters Ransomware, lest further problems occur.
