
IFN643 Ransomware

Posted: October 31, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 67
First Seen: October 31, 2016
Last Seen: January 13, 2020
OS(es) Affected: Windows

The IFN643 Ransomware is a Trojan that tries to encrypt the files on the infected PC and then displays messages asking for payment in Bitcoin to get them back. Its attacks are most easily reversed by restoring from a non-encrypted backup, and paying the ransom will not necessarily give the victim a decryption solution. Although malware experts advise guarding the common infection vectors that could install it, deleting the IFN643 Ransomware with anti-malware tools can also protect your computer.

Watching New Trojans as They Rise Towards Your Wallet

Not all threat actors conduct their campaigns with equal levels of attention to detail or professionalism, and the evolution of the file-encoding Trojan industry encapsulates that fact aptly. In cases of very simple threats, such as the new IFN643 Ransomware, development changes can occur over a matter of days, forcing anti-malware solutions to adjust their database definitions in response. While the IFN643 Ransomware is a relatively limited file-encrypting Trojan, it does include a payload that's capable of blocking files across a server or a series of hard drives.

Malware experts currently see at least two releases of the IFN643 Ransomware, both of which share the same disguise: fake PDF documents, most likely pretending to be workplace printer output. PC users who download and launch the files are actually running an inaccurately named executable that installs the IFN643 Ransomware. The Trojan scans for data types to encrypt and blocks them with an algorithm that rearranges their internal contents into unreadable ciphertext.
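A defender-side check for the disguise described above, as an added example that is not part of the original article: it flags files whose name claims to be a PDF while the content is a Windows executable. The function names are hypothetical, and the file names and sample bytes are constructed for illustration.

```python
import struct

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def is_pdf(data: bytes) -> bool:
    """PDF readers commonly accept the '%PDF-' marker within the first 1024 bytes."""
    return b"%PDF-" in data[:1024]

def claims_pdf(name: str) -> bool:
    """True if any extension in the name is 'pdf' (covers 'x.pdf' and 'x.pdf.exe')."""
    parts = name.lower().split(".")
    return "pdf" in parts[1:]

def classify(name: str, data: bytes) -> str:
    if not claims_pdf(name):
        return "not-pdf-named"
    if is_pe(data):
        return "executable-disguised-as-pdf"
    if is_pdf(data):
        return "pdf"
    return "unknown-content"

def make_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header plus PE signature, not a real program."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\0\0" + b"\0" * 20

SAMPLES = {  # constructed file names and contents
    "scan_0001.pdf": b"%PDF-1.4\n%constructed",
    "scan_0002.pdf.exe": make_pe_stub(),
    "scan_0003.pdf": make_pe_stub(),
    "scan_0004.pdf": b"MZ but too short",
    "notes.txt": b"hello",
}

def scan(samples):
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:30} {name}")
```

The same `classify` function can be fed the first kilobyte of each e-mail attachment or download before it reaches the user.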

The IFN643 Ransomware also displays messages asking for upfront payment for decrypting the above information back to its previous format. Current fees from the IFN643 Ransomware are relatively high, at 1000 USD (1.4 BTC, once converted to Bitcoin cryptocurrency), particularly in comparison to the Trojan's limited sophistication. However, the IFN643 Ransomware's current wallet address uses an invalid string, which makes paying the fee even less beneficial to a victim than usual.

No network activity is observable for either sample, meaning that the IFN643 Ransomware doesn't transfer the all-important decryption key to a con artist's account.

Pushing the IFN643 Ransomware Back Down Where It Belongs

While the IFN643 Ransomware is nowhere near the most polished file-encrypting Trojan malware analysts see, it does include some limited protection against debugging. Despite these features, detection rates against this threat are on the rise, with approximately one in every four AV companies successfully detecting at least one of the two samples. Consider allowing your security software to scan content downloaded from a potentially threatening source, such as e-mail attachments, which remain highly preferred for Trojan distribution.

Even Trojans with fully functioning extortion procedures can rarely be trusted to restore data after they've modified it. Although PC security companies often offer decryptors for Trojans of this classification, no such tools are in release for the IFN643 Ransomware. Until they are, backups and anti-malware products for removing IFN643 Ransomware infections are your mainstay defenses.

Given the expense of submitting to the IFN643 Ransomware's demands, even subscribing to a top-quality anti-malware service is, clearly, the least expensive option for protecting your digital possessions.
