Instalador Ransomware
Posted: January 22, 2018
Threat Metric
| Field | Value |
|---|---|
| Ranking | 16,062 |
| Threat Level | 8/10 |
| Infected PCs | 5 |
| First Seen | August 7, 2023 |
| Last Seen | August 27, 2023 |
| OS(es) Affected | Windows |
The Instalador Ransomware (also known as the QwertyCrypt Ransomware and the Qwerty Ransomware) is a file-locking Trojan that's capable of disabling your access to media, such as pictures, while distracting you with fake pop-ups. Its attacks also include a ransom demand that utilizes the Bitcoin cryptocurrency and targets Portuguese speakers. Having backups can reduce the danger to your media from an infection, and malware experts suggest having dedicated anti-malware software for handling the removal of the Instalador Ransomware.
Cyber-Ransoms Awash on the Shores of Brazil
The Instalador Ransomware campaign adds another data point to the pattern of file-locking Trojans that focus on Brazil. This Trojan is not yet verifiably released into the wild, but malware experts can confirm that its foundational features all work. Victims of this threat find that their files are unusable and see a cryptocurrency-ransoming window that offers to recover them, at the cost of financing the threat actors' campaign.
The Instalador Ransomware's samples are circulating as an installation executable for unspecified software, also targeting Portuguese speakers. Running this file installs the Trojan and generates a fake loading bar that claims that the program is contacting a remote server. However, this is a distraction that the Instalador Ransomware uses to prevent the user from interfering while it encrypts different file types, including the usual suspects of JPGs, DOCs and PDFs.
Malware experts are seeing current builds of the Instalador Ransomware using '.qwerty' extensions to help the user identify which content it has locked. When all of its encryption finishes, the Trojan removes the fake server-contacting bar and replaces it with an interactive pop-up. This second window includes a Bitcoin ransom (0.05, or 520 USD) to pay for the decryption solution that the threat actors are holding. Without this decryption key, any files that the Instalador Ransomware blocks may not be recoverable directly.
Pushing the Instalador Ransomware Back Off into the Depths
Save for using the Telegram messaging service instead of the traditional choice of e-mail, the Instalador Ransomware has little that separates it from the competing file-locking Trojans also attacking Brazil. Relatively recent examples of similar campaigns by file-locker Trojans within the same country include members of the Mircop Ransomware family and Hidden Tear forks like the Curumim Ransomware. In contrast to these older threats, malware analysts have yet to examine the chances of free decryption solutions for the Instalador Ransomware's locked media.
With spam e-mails being an especially favored choice for installing threats of this classification, users should protect themselves by scanning downloads that originate from e-mail and remember that document macros are a source of exposure to drive-by-download attacks. Accurate detection of this threat is limited to a minority of the anti-malware industry, but users can update their security software's databases upon prompting to improve this accuracy. Because it directly endangers your PC's local files, you should always uninstall the Instalador Ransomware, or quarantine it, with anti-malware programs dedicated to threat removal.
A good backup and simple precautions around new files are a user's best chances of harming the profits of the Instalador Ransomware's campaign, which may be distributing itself through any of several exploits. Brazilians, once a favorite victim subset for banking Trojans, are rapidly becoming just as prominent for file-locking ones.
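To scope an infection before restoring from backup, the following Python example (added here, not part of the original article or any vendor tool) inventories files carrying the '.qwerty' extension and checks each one against a backup tree. It assumes the extension is appended to the original file name, which the article does not confirm; the function names and sample paths are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".qwerty"  # marker extension the article reports for current builds


def inventory_locked(root, backup_root=None):
    """Scope the damage under `root`: count locked files by original type and
    split them into those with and without a copy under `backup_root`."""
    root = Path(root)
    report = {"by_type": Counter(), "restorable": [], "no_backup": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if not name.lower().endswith(LOCKED_SUFFIX):
                continue
            # Assumption: the marker is appended (photo.jpg.qwerty).
            original = name[: -len(LOCKED_SUFFIX)]
            if not original:
                continue  # a file named only ".qwerty" has no original name
            report["by_type"][Path(original).suffix.lower() or "(none)"] += 1
            rel = (Path(dirpath) / original).relative_to(root)
            has_copy = backup_root is not None and (Path(backup_root) / rel).is_file()
            report["restorable" if has_copy else "no_backup"].append(rel.as_posix())
    report["restorable"].sort()
    report["no_backup"].sort()
    return report


def demo():
    """Build a constructed sample tree and backup, then inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        trees = {live: ("Pictures/beach.jpg.qwerty", "Docs/cv.DOC.QWERTY",
                        "Docs/invoice.pdf.qwerty", "Docs/notes.txt"),
                 backup: ("Pictures/beach.jpg", "Docs/invoice.pdf")}
        for base, rels in trees.items():
            for rel in rels:
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_bytes(b"constructed sample data")
        return inventory_locked(live, backup)


if __name__ == "__main__":
    print(demo())
```

Run it from a clean system against a mounted copy of the affected disk, so the backup tree is never exposed to the infected machine.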