'.Merry File Extension' Ransomware

Posted: January 27, 2017

Threat Metric

Ranking: 14,966
Threat Level: 8/10
Infected PCs: 956
First Seen: January 27, 2017
Last Seen: August 7, 2023
OS(es) Affected: Windows

The '.Merry File Extension' Ransomware is an update of the 'Merry X-Mas!' Ransomware, a Trojan that locks your files with encryption and promotes a fake Comodo service for recovering them. Paying ransoms to this Trojan's administrators may or may not help you restore your content, and malware experts recommend making regular backups so that losing the locked files is not a critical risk. Anti-malware products that already detect old versions of this Trojan should detect and delete the '.Merry File Extension' Ransomware.

A Belated Seasonal Greeting

The same threat actors who deployed the 'Merry X-Mas!' Ransomware around Christmas are now responding to counter-developments in the cyber security community with an update to their Trojan. The new version, the '.Merry File Extension' Ransomware, may be out of season but is in live deployment as of late January. Its attacks still lock your files for ransom, and the update also protects them against the old decryption methods that had made paying unnecessary.

Infections with the '.Merry File Extension' Ransomware arrive mainly through e-mail messages bearing attached documents in ZIP archives. The disguised documents, when opened, trigger an exploit that installs and runs the Trojan automatically, after which the '.Merry File Extension' Ransomware carries out its data-encryption payload.

The '.Merry File Extension' Ransomware encrypts any files on the PC that match its predesignated formats and locations and adds a new '.Merry' extension to their names. It also drops a new file on the compromised system that delivers the same ransom message used by the 'Merry X-Mas!' Ransomware. The most notable element of the text is its claim of being a data recovery service on offer by Comodo, a real anti-virus company. However, con artists are the actual recipients of any cash transactions and may not reward you with a decryptor that unlocks your data.
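For responders scoping an incident, the appended '.Merry' extension described above is a usable marker. The following triage sketch is an added example, not code from this page or from any vendor tool; the function names, the sample file names and timestamps, and the assumption that the marker is appended after the original extension are all constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".merry"  # extension named on the page, matched case-insensitively


def scope_merry_files(root):
    """Summarise files under root whose names end in the '.Merry' marker."""
    files, by_dir, by_ext = [], Counter(), Counter()
    earliest = None
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(MARKER):
                continue
            path = Path(dirpath) / name
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # Assumption: the marker is appended to the full original name.
            original = name[: -len(MARKER)]
            by_ext[Path(original).suffix.lower() or "(none)"] += 1
            by_dir[os.path.relpath(dirpath, root)] += 1
            files.append(str(path))
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {"count": len(files), "by_dir": by_dir, "by_ext": by_ext,
            "earliest_mtime": earliest, "files": files}


def build_constructed_sample(root):
    """Create a small constructed tree (empty files, no real data)."""
    sample = {"report.docx.Merry": 1485500300, "photo.jpg.MERRY": 1485500100,
              "notes.txt": 1485400000, "README.Merry": 1485500200,
              os.path.join("finance", "budget.xlsx.Merry"): 1485500050}
    for rel, mtime in sample.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
        os.utime(path, (mtime, mtime))  # constructed timestamps


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        report = scope_merry_files(tmp)
        print(report["count"], dict(report["by_dir"]), dict(report["by_ext"]))
        print("earliest modification:", report["earliest_mtime"])
```

The per-directory and per-type counts show which backups need restoring; the earliest modification time is only an approximation of when encryption began, since timestamps can be altered.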

Canceling a Late Christmas on Your Computer

In the recent past, the cyber security industry managed to decrypt content that the '.Merry File Extension' Ransomware's predecessor locks and then made the decryption application free for download. The '.Merry File Extension' Ransomware's threat actors are now using a different encryption method, but the chances are high that this algorithm, too, is susceptible to cracking by researchers. For cases where decryption is impractical, malware experts highly encourage keeping backups that you update regularly, which makes the threats made by Trojans of this category relatively trivial.

The '.Merry File Extension' Ransomware also includes several warnings in its ransom message that are intended to pressure victims into paying in as short a time frame as possible. Countdown timers for erasing your files may or may not be backed by any real file-deleting functions, and recommendations against using security software or recovery strategies almost always are bluffs. Anti-malware tools that scan known infection vectors should catch and delete the '.Merry File Extension' Ransomware while also stopping the Trojan from locking anything on your hard drive.

Threat campaigns like the '.Merry File Extension' Ransomware's attacks update themselves just as often as any law-abiding software project. Computer users who have any files worth keeping should invest in the simple solution of updating their anti-virus and backup solutions to keep up with these trends.