Mobef-Salam Ransomware
Posted: February 26, 2018
Threat Metric
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 92 |
| First Seen: | August 26, 2024 |
| OS(es) Affected: | Windows |
The Mobef-Salam Ransomware is a variant of the Mobef Ransomware, a Trojan that can use multiple encryption algorithms for blocking your files, with recreational and workplace media being the most at-risk targets. Malware experts verify that the Mobef-Salam Ransomware's campaign uses infection methods targeting Italian PC owners, but its features are equally capable of holding content hostage anywhere in the world. Users should keep backups for recovering from any infection and use anti-malware programs for uninstalling the Mobef-Salam Ransomware safely.
Italy Gets a Taste of Trojan 'Peace'
Over the past two years, the Mobef Ransomware family has had minimal activity compared to high-profile threats like the RaaS-based Crysis Ransomware or the 'freeware' Trojan Hidden Tear. However, a new and apparently inexperienced threat actor is beginning to use this family's code in his file-locking attacks. The new version he's distributing, the Mobef-Salam Ransomware, uses an Arabic-based theme but, so far, is only being seen in Italy.
The infection methods that the Mobef-Salam Ransomware's campaign may be using include all of the following possibilities:
- E-mail attachments may hide Trojan-downloading exploits inside document macros and similar security vulnerabilities.
- The Mobef-Salam Ransomware's threat actor may employ exploit kits (such as the recent Nebula Exploit Kit, which is a notable file-locker Trojan distributor) for installing the threat whenever a Web browser without extra protection loads a compromised domain or ad-serving network.
- Some attacks also use bundles with torrents and similar file-sharing methods, although this tactic is less frequent than the ones above.
The Mobef-Salam Ransomware retains a complete file-locking feature that can block documents, pictures, and similar media automatically, which is the primary purpose of any infection. Since the Mobef Ransomware's family includes support for multiple encryption algorithms, malware experts can't determine the compatibility of any hostage files with any free 'unlocking' software, although victims may provide samples to interested cyber-security specialists for further investigation. You also may experience supporting symptoms, such as changes to your wallpaper, pop-ups, or new extensions that the Trojan adds to the names of any files.
Culling the Mobef Ransomware Family's Latest Offspring
All victims of the Mobef-Salam Ransomware infections, for now, reside in Italy, which is not an uncommon choice for a file-locker Trojan's campaign. However, the Mobef-Salam Ransomware's author is using English-based notes for collecting money afterward. These messages use unusual names and extensions ('READ.4YOU') that aren't traditional for the Mobef Ransomware family or for most other families. The limited instructions provide an e-mail address for negotiating and ask for Bitcoins in exchange for the decryptor that, potentially, unlocks your files.
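The note name above is the one concrete on-disk indicator this page gives, so the following added triage sketch (not code from the original page or from any vendor tool) walks a directory tree, locates the notes, and lists files modified around the time the first note appeared, which helps scope a restore from backup. It assumes the note may appear either as the exact name `READ.4YOU` or under another base name with the `.4YOU` extension, and that locked files have their modification time updated during the attack; `triage`, `is_note` and `build_sample` are hypothetical names, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "read.4you"   # note name quoted on the page, compared case-insensitively
NOTE_EXT = ".4you"        # assumption: the note may also use another base name

def is_note(filename):
    low = filename.lower()
    return low == NOTE_NAME or low.endswith(NOTE_EXT)

def triage(root, window_s=3600):
    """Return notes found, note count per directory, earliest note mtime,
    and non-note files modified within window_s seconds of that time."""
    notes, others = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:      # unreadable or vanished file: skip, keep walking
                continue
            (notes if is_note(name) else others).append((path, mtime))
    if not notes:
        return {"notes": [], "dirs": {}, "first_seen": None, "suspect": []}
    first = min(m for _p, m in notes)
    suspect = sorted(p for p, m in others if abs(m - first) <= window_s)
    dirs = Counter(os.path.dirname(p) for p, _m in notes)
    return {"notes": sorted(p for p, _m in notes), "dirs": dict(dirs),
            "first_seen": first, "suspect": suspect}

def build_sample(root, t0=1_500_000_000):
    """Constructed sample tree: two notes, one file touched near the first
    note, and one file last modified a month earlier."""
    layout = {"docs/READ.4YOU": t0, "docs/report.doc": t0 + 30,
              "pics/Read.4you": t0 + 90, "pics/old.jpg": t0 - 30 * 86400}
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))
    return t0

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Files listed under `suspect` are candidates to verify against the last known-good backup; an empty `notes` list does not prove a host is clean, since the indicator comes from a single campaign description.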
Paying that ransom doesn't always give a victim the supposed decryption service they're buying, and malware experts emphasize having a backup storage plan so that paying a ransom never needs to be considered. Even when they don't assist the purchaser, the con artists can keep Bitcoin payments without any risk of fraud protection-based refunding. Besides saving a backup, users can defend their media by disabling Web-browsing scripts, turning off document macros, and letting their anti-malware products detect and remove the Mobef-Salam Ransomware.
Malware researchers are unsure whether the Mobef-Salam Ransomware will branch out to other nations in time. Whether or not it stays inside of Italy's borders, the Mobef-Salam Ransomware is just one of a crop of file-locking threats that call for PC owners to review their data storage protocols on a weekly basis.