
Manifestus Ransomware

Posted: December 23, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 91
First Seen: December 23, 2016
OS(es) Affected: Windows

The Manifestus Ransomware is a Trojan that blocks your files with an AES encryption algorithm and threatens to destroy the decryption code unless you pay its ransom. As with its close relative, the EnkripsiPC Ransomware, you can best mitigate the Manifestus Ransomware's potential damage by keeping backups that it can't access and encipher. Updated anti-malware products may also terminate and delete the Manifestus Ransomware without letting it encrypt any content.

Greed Made Manifest by Fake Microsoft Updates

Although the popularity of file-encrypting payloads can seem like a bulletproof way of profiting off of others' misery, the Trojans responsible for these attacks often have less than obvious vulnerabilities and limitations. Perhaps one of the most important of these restrictions is the amount of time they need to finish blocking the files on a hard drive. Some threats, like the Manifestus Ransomware, try to distract their victims with fake system information while these attacks are ongoing.

The Manifestus Ransomware is a Trojan that malware experts currently estimate to be an update to the EnkripsiPC Ransomware, with which it shares the majority of its code. When it launches, the Manifestus Ransomware scans for files that it can encrypt and lock using an AES algorithm. Although this scan may take minutes or even hours, the Manifestus Ransomware also creates a fake 'Windows Update' screen to stop the victims from restarting their computers or closing the program.

When it finishes, the Manifestus Ransomware opens a second window that contains a recycled message informing you about the encryption attack and asking for approximately 160 USD worth of Bitcoins to restore your data. By demanding the Bitcoin currency for its ransom, the Manifestus Ransomware protects the identity of its threat actor and, simultaneously, shields him or her from any repercussions for failing to deliver the 'purchased' decryption key.

Taking Your Files Back from the Manifestus Ransomware

As always, PC users with the foresight to back their data up to any removable devices or external servers can benefit from using those backups to restore the content. However, malware experts do note encryption vulnerabilities in Trojans of the Manifestus Ransomware's family. Victims with no other options may wish to provide samples to appropriate cyber security researchers to enable the development of a free decryption application. Paying a ransom that may not give you a real decryption code or service is always discouraged, except as a final resort.

Although initial detection rates for the Manifestus Ransomware infections were limited, major brands are experiencing improvements in identifying this threat. Some versions of the Manifestus Ransomware may compress or otherwise obfuscate their code, and updating your anti-malware products can help them detect and delete the Manifestus Ransomware before it locks any files. Readers should note that the fraudulent Windows Update this Trojan includes in its payload is not necessarily a part of the disguise it uses for gaining access to your PC.

The Manifestus Ransomware, the EnkripsiPC Ransomware, and Trojans like them are at their worst for PC users who don't give themselves the luxury of responsible data management. Backing up your files, while potentially tedious, is also the most useful protection against these threat campaigns besides having security software to block them on sight.
