
InfinityShadow Ransomware

Posted: August 15, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 1,293
First Seen: August 15, 2017
Last Seen: June 3, 2021
OS(es) Affected: Windows

The InfinityShadow Ransomware, also referenced as InfiniteTear, is a Trojan that uses AES encryption to block your media before delivering a text-based message asking for money to decode them. This threat is a security risk to all .NET-compatible operating systems and may damage your local files permanently. Having anti-malware programs remove the InfinityShadow Ransomware as proactively as possible, and keeping backups to reverse any immediate damage it may cause, are the recovery options that malware analysts recommend.

The Seven-Day Shadow of Phoned-In Trojans

Although most threat actors prefer to use some degree of preexisting code to avoid 'reinventing the wheel,' those who create less derivative software are more likely to reap various benefits, such as avoiding the current standards for AV threat detection. However, a Trojan's unique features may be hidden on a level below any of its symptoms, as with the InfinityShadow Ransomware and its novel choice for network communications.

From the victim's point of view, the InfinityShadow Ransomware's payload is a traditional, file-ransoming one that uses AES encryption to lock files such as documents or images. When it finishes, it places a text file on the desktop containing its ransoming instructions for getting a con artist-sponsored decryptor: paying two hundred and sixty USD in Bitcoins within a week. Malware analysts have yet to confirm whether the InfinityShadow Ransomware is compatible with any freeware decryption tools, although paying such a ransom to recover your media should always be a last resort.

The InfinityShadow Ransomware also generates modest network activity for transferring custom ID numbers to the threat actor's Command & Control server. The methodology in use here is unusual: the InfinityShadow Ransomware takes advantage of the Telegram messaging application, which may be a first among file-encrypting threats. This choice of C&C strategy may reflect the InfinityShadow Ransomware's preferred targets, which could include smartphone users in iOS, Windows Phone or Android environments.
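As an added defender-side example (not from the original article and not the Trojan's own code), the following Python flags proxy-log entries in which a process other than the Telegram client contacts the Telegram Bot API, the kind of outbound traffic a Trojan using Telegram as its C&C channel would produce. The log format, the host name api.telegram.org, the process allowlist and the sample log lines are assumptions constructed for the example.

```python
import re

# Constructed proxy-log excerpt (not real traffic). Fields: timestamp,
# source host, process image, destination host, URL path.
SAMPLE_LOG = """\
2017-08-15T10:02:11Z src=WS-07 proc=chrome.exe dst=www.example.com path=/
2017-08-15T10:02:14Z src=WS-07 proc=Telegram.exe dst=api.telegram.org path=/
2017-08-15T10:03:40Z src=WS-12 proc=svchost.exe dst=api.telegram.org path=/bot000000000:PLACEHOLDER_TOKEN/sendMessage
2017-08-15T10:03:41Z src=WS-12 proc=svchost.exe dst=api.telegram.org path=/bot000000000:PLACEHOLDER_TOKEN/getUpdates
2017-08-15T10:05:02Z src=WS-03 proc=outlook.exe dst=mail.example.com path=/owa/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) path=(?P<path>\S+)$"
)
# Telegram Bot API calls take the form /bot<token>/<method>. The token is
# captured only so that it can be left out of the alert text.
BOT_RE = re.compile(r"^/bot(?P<token>[^/]+)/(?P<method>\w+)")

TELEGRAM_API = "api.telegram.org"          # assumption: Bot API endpoint
ALLOWED_PROCS = {"telegram.exe"}           # assumption: official client is permitted

def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(rec):
    """Return an alert dict for a suspicious record, else None."""
    if rec["dst"] != TELEGRAM_API:
        return None
    bot = BOT_RE.match(rec["path"])
    proc_ok = rec["proc"].lower() in ALLOWED_PROCS
    if proc_ok and bot is None:
        return None
    reasons = []
    if not proc_ok:
        reasons.append(f"unexpected process {rec['proc']}")
    if bot:
        reasons.append(f"Bot API method {bot['method']} (token redacted)")
    return {"ts": rec["ts"], "src": rec["src"], "proc": rec["proc"], "reasons": reasons}

def scan(log_text):
    """Run classify() over every parseable line and collect the alerts."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            alert = classify(rec)
            if alert:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["ts"], a["src"], a["proc"], "; ".join(a["reasons"]))
```

On the constructed sample the scan reports only the two svchost.exe requests from WS-12; the browser, mail client and the Telegram client's own traffic are left alone.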

Cutting a Shadow of Greed Short

The InfinityShadow Ransomware isn't likely to be 'the last' of the file-locking Trojans, as malware experts have seen numerous samples of the threat labeling themselves that way. However, its apparent independence from other .NET Framework Trojans has paid off for its threat actors, who are experiencing a limited detection rate from most brands of AV software. Always keep your security software updated to eliminate possible failures in identifying recent threats.

Infection vectors often in play with file-encoding Trojans include e-mail attachments, website-run exploit kits, and mislabeled downloads of forbidden content (such as pirated games or cracks). Disabling advanced Web content can remove many of the vulnerabilities prone to exploitation by threatening domains, and scanning all files before opening them can help identify and remove the InfinityShadow Ransomware before it becomes a problem. At this article's time of writing, malware analysts can only verify having remote backups as a guaranteed recovery option against this Trojan's file-encoding attack.

Upgrades in Trojan development may not always result in new symptoms for their victims to witness. However, even something as simple as a shift in what kind of internal messaging system is in use can be a portent of large changes in the landscape of file-ransoming misdeeds.
