Manifestus Ransomware
Posted: December 23, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 91 |
| First Seen: | December 23, 2016 |
| OS(es) Affected: | Windows |
The Manifestus Ransomware is a Trojan that blocks your files with an AES encryption algorithm and threatens to destroy the decryption code unless you pay its ransom. As with its close relative, the EnkripsiPC Ransomware, you can best mitigate the Manifestus Ransomware's potential damage by keeping backups that it can't access and encipher. Updated anti-malware products may also terminate and delete the Manifestus Ransomware without letting it encrypt any content.
Greed Made Manifest by Fake Microsoft Updates
Although the popularity of file-encrypting payloads can seem like a bulletproof way of profiting off of others' misery, the Trojans responsible for these attacks often have less than obvious vulnerabilities and limitations. Perhaps one of the most important of these restrictions is the amount of time they need to finish blocking the files on a hard drive. Some threats, like the Manifestus Ransomware, try to distract their victims with fake system information while these attacks are ongoing.
The Manifestus Ransomware is a Trojan that malware experts currently estimate to be an update of the EnkripsiPC Ransomware, with which it shares the majority of its code. When it launches, the Manifestus Ransomware scans for files that it can encrypt and lock using an AES algorithm. Although this scan may take minutes or even hours, the Manifestus Ransomware also creates a fake 'Windows Update' screen to stop the victims from restarting their computers or closing the program.
When it finishes, the Manifestus Ransomware opens a second window that contains a recycled message informing you about the encryption attack and asking for approximately 160 USD worth of Bitcoins to restore your data. By demanding the Bitcoin currency for its ransom, the Manifestus Ransomware protects the identity of its threat actor and, simultaneously, shields him or her from any repercussions for failing to deliver the 'purchased' decryption key.
Taking Your Files Back from the Manifestus Ransomware
As always, PC users with the foresight to back their data up to removable devices or external servers can use those backups to restore the content. However, malware experts do note encryption vulnerabilities in Trojans of the Manifestus Ransomware's family. Victims with no other options may wish to provide samples to appropriate cyber security researchers to enable the development of a free decryption application. Paying a ransom that may not give you a real decryption code or service is always discouraged, except as a final resort.
Although initial detection rates for the Manifestus Ransomware infections were limited, major brands are experiencing improvements in identifying this threat. Some versions of the Manifestus Ransomware may compress or otherwise obfuscate their code, and updating your anti-malware products can help them detect and delete the Manifestus Ransomware before it locks any files. Readers should note that the fraudulent Windows Update this Trojan includes in its payload is not necessarily part of the disguise it uses to gain access to your PC.
The Manifestus Ransomware, the EnkripsiPC Ransomware, and Trojans like them are at their worst for PC users who don't give themselves the luxury of responsible data management. Backing up your files, while potentially tedious, also is the most useful protection against these threat campaigns besides having security software to block them on sight.