InfinityShadow Ransomware
Posted: August 15, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. Criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 1,293 |
| First Seen: | August 15, 2017 |
| Last Seen: | June 3, 2021 |
| OS(es) Affected: | Windows |
The InfinityShadow Ransomware, also referenced as InfiniteTear, is a Trojan that uses AES encryption to block your media before delivering a text-based message asking for money to decode them. This threat is a security risk to all .NET-compatible operating systems and may damage your local files permanently. Malware analysts recommend having anti-malware programs remove the InfinityShadow Ransomware as proactively as possible, and keeping backups to reverse any immediate damage it may cause, as the recovery options.
The Seven-Day Shadow of Phoned-In Trojans
Although most threat actors prefer to use some degree of preexisting code to avoid 'reinventing the wheel,' those who create less derivative software are more likely to reap various benefits, such as avoiding the current standards for AV threat detection. However, a Trojan's unique features may be hidden on a level below any of its symptoms, such as the InfinityShadow Ransomware and its novel choice for network communications.
From the victim's point of view, the InfinityShadow Ransomware's payload is a traditional, file-ransoming one that uses AES encryption to lock files such as documents or images. When it finishes, it places a text file on the desktop containing its ransoming instructions for getting a con artist-sponsored decryptor: paying two hundred and sixty USD in Bitcoins within a week. Malware analysts have yet to confirm whether the InfinityShadow Ransomware is compatible with any freeware decryption tools, although paying such a ransom to recover your media should always be a last resort.
The InfinityShadow Ransomware also generates modest network activity for transferring custom ID numbers to the threat actor's Command & Control server. The methodology in use here is unusual: the InfinityShadow Ransomware takes advantage of the Telegram messaging application, which may be a first among file-encrypting threats. This choice of C&C strategy may reflect the InfinityShadow Ransomware's preferred targets, which could include smartphone users in iOS, Windows Phone or Android environments.
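As an added defensive example (not code from the original article or from the threat itself), the following Python snippet scans constructed egress-log lines and flags Telegram Bot API requests made by processes that are not on an allow-list, which is one way to surface the kind of ID-reporting traffic described above. The log layout, the file paths, the `ALLOWED_IMAGES` entry and the bot tokens are all assumptions or placeholders; only the `api.telegram.org` host and the `/bot<id>:<secret>/<method>` path shape come from the publicly documented Bot API.

```python
import re
from typing import Dict, List

# Constructed sample egress log (timestamp, host, process image, method, path).
# These lines are made up for the example and are not real telemetry.
SAMPLE_LOG = """\
2017-08-15T10:02:11Z api.telegram.org C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe POST /bot123456789:PLACEHOLDER_TOKEN/sendMessage
2017-08-15T10:02:12Z www.bing.com C:\\Program Files\\Internet Explorer\\iexplore.exe GET /search
2017-08-15T10:03:40Z api.telegram.org C:\\Program Files\\ApprovedOps\\alertbot.exe POST /bot000000000:PLACEHOLDER_TOKEN/sendMessage
2017-08-15T10:05:02Z api.telegram.org C:\\Windows\\Temp\\svchost.exe POST /bot987654321:PLACEHOLDER_TOKEN/sendMessage
"""

# Hypothetical allow-list: process images your organisation expects to use the Bot API.
ALLOWED_IMAGES = {"alertbot.exe"}

# Bot API requests take the documented form /bot<numeric id>:<secret>/<method>.
BOT_API_PATH = re.compile(r"^/bot\d+:[A-Za-z0-9_-]+/(\w+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line; the image path may contain spaces, so take the
    method and path from the right-hand end."""
    ts, host, rest = line.split(" ", 2)
    image, method, path = rest.rsplit(" ", 2)
    return {"ts": ts, "host": host, "image": image, "method": method, "path": path}


def flag_bot_api_egress(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per Bot API call from a process not on the allow-list."""
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["host"].lower() != "api.telegram.org":
            continue
        match = BOT_API_PATH.match(rec["path"])
        if not match:
            continue  # ordinary web traffic to the host, not a Bot API call
        image_name = rec["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image_name in ALLOWED_IMAGES:
            continue
        alerts.append({"ts": rec["ts"], "image": rec["image"], "method": match.group(1)})
    return alerts


if __name__ == "__main__":
    for alert in flag_bot_api_egress(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['image']} called Bot API method {alert['method']}")
```

Legitimate automation also uses the Bot API, so treat a hit as a triage lead to correlate with a ransom note dropped on the desktop or a burst of file renames rather than as proof of infection.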
Cutting a Shadow of Greed Short
The InfinityShadow Ransomware isn't likely to be 'the last' of the file-locking Trojans, as malware experts have seen numerous samples of the threat labeling themselves. However, its apparent independence from other .NET Framework Trojans has paid off for its threat actors, who are experiencing a limited detection rate from most brands of AV software. Always keep your security software updated to eliminate possible failures in identifying recent threats.
Infection vectors often in play with file-encoding Trojans include e-mail attachments, website-run exploit kits, and mislabeled downloads of forbidden content (such as pirated games or cracks). Disabling advanced Web content can remove many of the vulnerabilities prone to exploitation by threatening domains, and scanning all files before opening them can help identify and remove the InfinityShadow Ransomware before it becomes a problem. At this article's time of writing, malware analysts can only verify remote backups as a guaranteed recovery option against this Trojan's file-encoding attack.
Upgrades in Trojan development may not always be something that results in new symptoms for their victims to witness. However, even something as simple as a shift in what kind of internal messaging system is in use can be a portent of large changes in the landscape of file-ransoming misdeeds.