Lalabitch Ransomware
Posted: July 4, 2017
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 83 |
| First Seen | July 6, 2017 |
| OS(es) Affected | Windows |
The Lalabitch Ransomware is a file-encrypting Trojan that denies users access to files such as work documents and recreational media until they pay a ransom. Whether a free decryptor is viable is still under analysis, so victims can limit the fallout of a Lalabitch Ransomware infection mainly by keeping backups on separate devices. Use anti-malware products to delete the Lalabitch Ransomware; it does not install itself but is placed on compromised servers by the attackers, who may bring other threats with them.
How Servers Get Introduced to Data Extortion
Most file-encrypting attacks owe their existence to distribution-enabling weaknesses, such as malicious JavaScript attachments or document macros, or to the Trojans in question bundling themselves with other downloads. Nonetheless, not every case of holding files hostage for money results from such obvious security mistakes. Only recently, malware experts identified an Indonesian Trojan, the Lalabitch Ransomware, whose campaign benefits from a different installation method.
The Lalabitch Ransomware's threat actors install their Trojan after compromising business servers by brute-forcing or phishing the login credentials. This level of access lets them work on the system by hand: install the Lalabitch Ransomware, run its payload and then, potentially, remove it afterward to deprive security companies of any samples for analysis. The victimized servers retain only their encrypted, unusable files and a ransom message in the form of a PHP file.
The latter uses plain ASCII text to convey its demand for handing over a decryptor: 1,300 USD in Bitcoin, transferred to the threat actor's wallet address. The Lalabitch Ransomware also claims that it will delete the information essential for decryption within twelve hours, although so short a limit makes it likely that the Trojan is bluffing. Malware experts have yet to verify whether the Lalabitch Ransomware contains any data-deleting features, but the encryption routine does work as advertised.
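As an added illustration of the brute-forced entry described above (this is not code from the original page or from the malware's authors), the following Python scans sshd-style authentication log lines for a source address that accumulates repeated failures and then logs in successfully, the trace a brute-forced credential leaves behind, and separately lists sources still failing with no success yet. The log lines are constructed sample input, and the line format, the RFC 5737 documentation addresses and the thresholds are assumptions; adapt the regular expression to the server's own log format.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not from any real incident); sshd-style lines,
# source addresses taken from the RFC 5737 documentation ranges.
SAMPLE_AUTH_LOG = """\
Jul  3 02:14:01 web1 sshd[2201]: Failed password for invalid user oracle from 203.0.113.5 port 40122 ssh2
Jul  3 02:14:03 web1 sshd[2203]: Failed password for admin from 203.0.113.5 port 40130 ssh2
Jul  3 02:14:05 web1 sshd[2205]: Failed password for admin from 203.0.113.5 port 40138 ssh2
Jul  3 02:14:07 web1 sshd[2207]: Failed password for admin from 203.0.113.5 port 40144 ssh2
Jul  3 02:14:09 web1 sshd[2209]: Failed password for admin from 203.0.113.5 port 40150 ssh2
Jul  3 02:14:11 web1 sshd[2211]: Failed password for admin from 203.0.113.5 port 40158 ssh2
Jul  3 02:14:13 web1 sshd[2213]: Accepted password for admin from 203.0.113.5 port 40166 ssh2
Jul  3 08:30:44 web1 sshd[3101]: Failed password for deploy from 198.51.100.7 port 51002 ssh2
Jul  3 08:30:52 web1 sshd[3103]: Accepted publickey for deploy from 198.51.100.7 port 51010 ssh2
Jul  3 09:00:00 web1 sshd[3301]: Failed password for root from 192.0.2.9 port 60001 ssh2
Jul  3 09:00:01 web1 sshd[3302]: Failed password for root from 192.0.2.9 port 60002 ssh2
Jul  3 09:00:02 web1 sshd[3303]: Failed password for root from 192.0.2.9 port 60003 ssh2
"""

# Assumed sshd format: "<result> <method> for [invalid user ]<user> from <ip> ..."
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_bruteforce_logins(log_text, threshold=5):
    """Return (ip, user, failures_before_success) for every accepted login
    that was preceded by at least `threshold` failed attempts from the same
    source IP. Failures are counted per IP rather than per user because
    spraying tools cycle through usernames from one host."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        else:
            if failures[ip] >= threshold:
                hits.append((ip, m.group("user"), failures[ip]))
            failures[ip] = 0  # a success closes the window for that source
    return hits


def still_hammering(log_text, threshold=3):
    """Sources with at least `threshold` failures and no success since:
    candidates for lockout or a firewall block before they get lucky."""
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        failures[ip] = failures[ip] + 1 if m.group("result") == "Failed" else 0
    return sorted(ip for ip, n in failures.items() if n >= threshold)


if __name__ == "__main__":
    for ip, user, n in detect_bruteforce_logins(SAMPLE_AUTH_LOG):
        print(f"brute-forced login: {user}@{ip} after {n} failures")
    for ip in still_hammering(SAMPLE_AUTH_LOG):
        print(f"ongoing guessing from {ip}")
```

A single failure before a success, as with the deploy account here, is ordinary typing error and is ignored; the guessing run followed by an accepted password on the admin account is the event worth paging on, and in the Lalabitch case it is the moment to look for new files on the server rather than just the login.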
Kicking Unwanted Company out of Your File Storage
Users trying to recover data locked by the Lalabitch Ransomware can identify encrypted content by the '.lalabitch' extension that the Trojan appends to each encrypted file, although the extension is only a label and a file's contents should be checked before it is written off or restored from backup. Decryption without paying may not be possible, and con artists taking Bitcoin can keep the money without penalty for refusing to provide the promised unlocking service afterward. As a result, good backup management is the best preventative for keeping the Lalabitch Ransomware's damage negligible.
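As an added example of the triage step above (not code from the original page or from any decryptor), this Python walks a directory tree for files carrying the '.lalabitch' extension and checks the entropy of their leading bytes, since an extension can be appended to a file without its contents having been encrypted. The sample tree it builds is a constructed fixture in which random bytes stand in for ciphertext; the entropy threshold, sample size and file names are assumptions.

```python
import math
import os
import tempfile

EXT = ".lalabitch"  # extension the page says is appended to each encrypted file


def shannon_entropy(data):
    """Bits per byte of `data`: close to 8.0 for ciphertext or random bytes,
    roughly 4 to 5 for text, 0 for an empty buffer."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(root, sample_bytes=4096, min_entropy=7.0):
    """Walk `root` and report every file carrying EXT together with whether
    its leading bytes look encrypted. A file that was merely renamed keeps
    low-entropy content and is reported with 'encrypted': False."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                head = f.read(sample_bytes)
            ent = shannon_entropy(head)
            findings.append({
                "path": path,
                "original_name": name[:-len(EXT)],  # name to restore from backup
                "size": os.path.getsize(path),
                "entropy": round(ent, 2),
                "encrypted": ent >= min_entropy,
            })
    return sorted(findings, key=lambda r: r["path"])


def build_sample_tree():
    """Constructed fixture (assumed layout): one untouched file, one file
    whose contents are random bytes standing in for ciphertext, and one
    plaintext file that only had the extension appended."""
    root = tempfile.mkdtemp(prefix="lalabitch-triage-")
    os.makedirs(os.path.join(root, "htdocs"))
    with open(os.path.join(root, "htdocs", "index.php"), "w") as f:
        f.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, "htdocs", "report.xlsx" + EXT), "wb") as f:
        f.write(os.urandom(8192))
    with open(os.path.join(root, "notes.txt" + EXT), "w") as f:
        f.write("quarterly notes\n" * 200)
    return root


if __name__ == "__main__":
    for row in triage(build_sample_tree()):
        print(f"{row['path']}: {row['size']} bytes, "
              f"entropy {row['entropy']}, encrypted={row['encrypted']}")
```

Run it against a copy of the affected volume, not the live server, and keep the output as the restore list: the `original_name` column tells you which backup objects to pull, and a low-entropy hit is worth opening by hand before it is counted as lost.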
PC users also can protect their server logins with strong, unique passwords: long strings that mix upper- and lower-case letters, digits and symbols, are not reused across systems and are rotated after any suspected exposure. Avoid common passwords such as 'admin,' '1234,' or 'password1,' which leave the login open to brute-force tools; locking out or rate-limiting repeated failures, and requiring a second factor where the server supports it, blunts such attacks even when a password is weak. In non-manual installation attempts, various anti-malware programs can remove the Lalabitch Ransomware before it starts encrypting content, as well as uninstall it afterward.
Many security problems are obvious only in hindsight. With the consequences of a lazy password running to over a thousand dollars, the Lalabitch Ransomware shows that taking the time to go over your company server's potential weak points is always time well spent.