Katafrack Ransomware
Posted: November 23, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for the Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 65 |
| First Seen: | November 4, 2021 |
| OS(es) Affected: | Windows |
The Katafrack Ransomware is a new version of the Ordinal Ransomware branch of Hidden Tear, a Trojan that locks the media-related files on your PC by encrypting them. Current releases of the Katafrack Ransomware don't utilize Hidden Tear's file-blocking feature, but updates to the threat could change that evaluation with minimal effort. Having backups can secure your data from Trojans of this type, and many anti-malware products can delete the Katafrack Ransomware and other variations of Hidden Tear.
The People Who Play with a Series of Not-Very-Hidden Tears
A slightly unusual, probably in-progress version of Hidden Tear is being captured and examined thanks to centralized threat-analysis databases. This new form of Utku Sen's file-locking Trojan is a close relative of the Ordinal Ransomware but also demonstrates markedly different behavior from its progenitor. As of this article's date of authorship, the Trojan, the Katafrack Ransomware, omits any attempt at blocking the victim's files and is a security risk primarily because of its interface-blocking ransom note.
The earlier versions of the Ordinal Ransomware carried over Hidden Tear's ability to block files, along with modifying the extensions in the names of this content. While the Katafrack Ransomware does claim to be capable of encrypting content so that it can no longer be opened by any associated program, it currently does not carry out any such attack or make other modifications to the user's media, such as changing file names or deleting backups. However, malware experts can confirm two variants of the Katafrack Ransomware that convey pop-up attacks including all of the standard warnings and instructions of a file-locking Trojan's campaign.
The Katafrack Ransomware generates a non-interactive, borderless HTML window that takes focus away from other programs (but does not 'lock' the entire screen). This pop-up delivers ransom demands in Bitcoin or the Ethereum cryptocurrency, which the threat actors claim will purchase the decryption key and program for unlocking your files. Malware analysts also identify a related Notepad message from the Katafrack Ransomware containing essential transactional data, such as the cybercrook's e-mail address, wallet links and the client's ID.
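As an added example (not code from the original article or from SpyHunter), the following Python heuristic scans a text file for the kind of transactional data the Notepad message described above carries: cryptocurrency wallet addresses, an e-mail address and a client ID, plus typical ransom vocabulary. The sample note, every address, the ID and the e-mail in it are constructed for this example and are not real indicators; the scoring scheme and its threshold are assumptions, not a published detection signature.

```python
import re
from dataclasses import dataclass, field

# Constructed sample note. It imitates the layout the page describes for the
# Katafrack Ransomware's Notepad message (e-mail, wallet links, client ID);
# every address, ID and e-mail below is invented and is not a real IoC.
SAMPLE_NOTE = """\
ALL YOUR FILES HAVE BEEN ENCRYPTED!
To recover them, pay 0.5 BTC to 1ExampFakeAddrNotReaDemo22223333
or 2 ETH to 0xAbCdEf0123456789AbCdEf0123456789AbCdEf01
Then send your Client ID: KF-0000-EXAMPLE
to recovery.helpdesk@example.com
"""

# Legacy (P2PKH/P2SH) Bitcoin addresses: base58, 26-35 chars, start with 1 or 3.
BTC_LEGACY = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
# Bech32 (segwit) Bitcoin addresses start with bc1 and use the bech32 alphabet.
BTC_BECH32 = re.compile(r"\bbc1[ac-hj-np-z02-9]{11,71}\b")
# Ethereum addresses: 0x followed by exactly 40 hex digits.
ETH_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# "Client ID", "Victim ID" or "Personal ID" followed by the identifier token.
CLIENT_ID = re.compile(r"\b(?:client|victim|personal)\s*id\b[:\s]*([A-Za-z0-9-]+)", re.I)
# Vocabulary typical of ransom demands; scored once if two distinct words appear.
KEYWORDS = re.compile(
    r"\b(?:encrypt\w*|decrypt\w*|ransom\w*|bitcoin|btc|ethereum|eth|wallet|pay)\b", re.I
)


@dataclass
class NoteFindings:
    btc_addresses: list = field(default_factory=list)
    eth_addresses: list = field(default_factory=list)
    emails: list = field(default_factory=list)
    client_ids: list = field(default_factory=list)
    keywords: set = field(default_factory=set)
    score: int = 0


def analyze_note(text: str) -> NoteFindings:
    """Extract transactional indicators from a text file and score it."""
    f = NoteFindings()
    f.btc_addresses = BTC_LEGACY.findall(text) + BTC_BECH32.findall(text)
    f.eth_addresses = ETH_ADDR.findall(text)
    f.emails = EMAIL.findall(text)
    f.client_ids = CLIENT_ID.findall(text)
    f.keywords = {k.lower() for k in KEYWORDS.findall(text)}
    # One point per indicator found, plus one point for ransom vocabulary
    # (assumed weighting; tune against your own benign corpus).
    f.score = (len(f.btc_addresses) + len(f.eth_addresses) + len(f.emails)
               + len(f.client_ids) + (1 if len(f.keywords) >= 2 else 0))
    return f


def is_ransom_note(text: str, threshold: int = 3) -> bool:
    """Heuristic: a text file scoring at or above the threshold is flagged."""
    return analyze_note(text).score >= threshold


if __name__ == "__main__":
    result = analyze_note(SAMPLE_NOTE)
    print(result)
    print("ransom note?", is_ransom_note(SAMPLE_NOTE))
```

Point `analyze_note` at newly created `.txt` or `.html` files on a monitored host (or at the text dropped on a user's desktop) and forward the extracted e-mail, wallet and ID values to your case notes; a hit is a reason to isolate the machine and inspect running processes, not proof of the specific family.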
Subtracting the Newest Ordinal Ransomware from Your Series of Problems
Although the Katafrack Ransomware's branch of Hidden Tear is notable for including additional defenses against threat-analysis software like Wireshark, this protection doesn't make the Katafrack Ransomware any more capable than usual of avoiding traditional anti-malware solutions. Most AV security products identify the Katafrack Ransomware at the same rates as other versions of Hidden Tear, which has little code obfuscation or protection against deletion by third-party tools. However, the Katafrack Ransomware's campaign is too new for malware experts to correlate any firm evidence about its infection strategies, which could include e-mail attachments, torrents, exploit kits or brute-force attacks.
Even if the Katafrack Ransomware currently doesn't include attack features against your files, updates to this Trojan would require few changes to make such a function active. Always backing up your media to another device that's at little to no risk of infection can prevent file-locking Trojans from holding it hostage. Free decryption also is often possible with Hidden Tear-based threats, and most anti-malware programs can uninstall the Katafrack Ransomware and interrupt its payload.
Right now, the Katafrack Ransomware 'only' prevents victims from viewing their screens until they take additional steps to terminate the Trojan's active process. While even this attack is a security issue, it is also just the start of what is likely to turn into a real attempt at blocking files for illicit funds.