
Israbye Ransomware

Posted: December 21, 2018

The Israbye Ransomware is a variant of Hidden Tear, a file-locking Trojan that uses encryption to block media such as documents and other recreational or work data. Currently, this threat includes warning messages and encryption behavior without any ransoming process for acquiring a solution. Users should try restoring their files through any of the free methods available for the Hidden Tear family and let anti-malware products uninstall the Israbye Ransomware.

Trojans Saying Goodbye to Israel Once Again

A threat actor is taking inspiration from last year's END of ISRAEL Ransomware to launch attacks with political statements attached. The newest, a file-locker Trojan bearing the same anti-Israel theme, is being dubbed the Israbye Ransomware because of the extension that it shares with the first Trojan. Unlike the END of ISRAEL Ransomware's payload, however, the Israbye Ransomware omits some of the cosmetic features, even though it is equally harmful to your files.

The Israbye Ransomware is a modification of Utku Sen's free Hidden Tear source code, like the Black Worm Ransomware, Crypt0 HT Ransomware or the Qinynore Ransomware. Its encryption function is, as usual, the most significant portion of its payload, and locks media such as Word documents, PDF documents, JPG pictures, Excel spreadsheets and others. The Israbye Ransomware uses the same 'israbye' extension as the END of ISRAEL Ransomware to mark these files for the victim.

The filename change isn't the only thing that the Israbye Ransomware copies from the previous threat, although the Israbye Ransomware doesn't implement the old program's screen-hijacking feature. The Israbye Ransomware does create a pop-up ransom note that is almost identical to the one that the END of ISRAEL Ransomware uses (except for several missing background elements). The most critical aspect of this note, as per malware experts' confirmation, is the total absence of any decryption help or ransom demands. The locked files require recovery through other means without the help of the Trojan's author.

Getting Contentious Politics Out of Your Files

As a political statement against Israel, the Israbye Ransomware subverts the usual operating procedure of file-locking Trojans, which block media only to make money out of the decryption service. However, there are decryption solutions for Hidden Tear variants throughout the Web, and malware experts recommend creating copies of your files for unlocking tests, as appropriate. Even more importantly, most threats of the Israbye Ransomware's classification have limited capacity for targeting backups other than Windows' default Shadow Volume Copies (AKA restore points).
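One way to follow the advice about working on copies, as an added example that is not part of the original article: the Python sketch below finds locked files, copies them to a staging folder for decryptor tests, and records SHA-256 hashes so the originals can be confirmed untouched afterwards. It assumes the 'israbye' extension is appended as a `.israbye` suffix; the function names and folder layout are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path

LOCKED_SUFFIX = ".israbye"  # assumption: the page's 'israbye' extension as a suffix


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_locked_files(root: Path, staging: Path) -> list[dict]:
    """Copy every locked file under root into staging; return a manifest."""
    root, staging = root.resolve(), staging.resolve()
    manifest = []
    for src in sorted(root.rglob("*")):
        # Skip directories, symlinks, and anything already inside staging.
        if src.is_symlink() or not src.is_file():
            continue
        if staging in src.parents:
            continue
        if src.suffix.lower() != LOCKED_SUFFIX:
            continue
        dst = staging / src.relative_to(root)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 keeps timestamps for later triage
        src_hash, dst_hash = sha256_of(src), sha256_of(dst)
        if src_hash != dst_hash:
            raise IOError(f"copy mismatch for {src}")
        manifest.append({"original": str(src), "copy": str(dst),
                         "sha256": src_hash, "size": src.stat().st_size})
    return manifest


def originals_unchanged(manifest: list[dict]) -> bool:
    """After decryption tests on the copies, confirm originals are intact."""
    return all(sha256_of(Path(e["original"])) == e["sha256"] for e in manifest)
```

Run any decryption tool only against the staged copies, then call `originals_unchanged` on the manifest before deciding what to do with the originals.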

While the Israbye Ransomware does have a handful of anti-security features, such as a hibernating function that renders it dormant temporarily, most security products should detect it, along with other Hidden Tear variants. Users can anticipate infection vectors such as torrents, spam emails or exploit kits using browser-based scripts and vulnerabilities for compromising their PCs. Windows-compatible anti-malware tools should delete the Israbye Ransomware without any difficulties.

Threat actors experimenting with 'permanent' encryption isn't unique to the Israbye Ransomware and the END of ISRAEL Ransomware. Regardless of one's feelings on Israel, backing up your work isn't a bad idea for securing media against threat actors with statements to make.