Naampa Ransomware
Posted: July 19, 2017
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 53 |
| First Seen: | July 19, 2017 |
| OS(es) Affected: | Windows |
The Naampa Ransomware is a Trojan that locks your files to force you to pay for recovering them. Free decryption software and previous backups are two options victims can use for data retrieval instead of paying the threat actor (who may not honor the agreement). Numerous brands of anti-malware products may identify this threat and, therefore, delete the Naampa Ransomware before it launches an attack or after one occurs.
Russia Gets Renewed Attention from File-Snatching Extortionists
Because of its law enforcement's stance on related investigations, Russia holds a somewhat remarkable place in the cyber-crime industry. That place remains unusual, but Russia is no longer a safe zone for PC owners hoping that seasoned threat actors will limit their misdeeds to other targets. The long-term evidence of this change in the Trojan industry is highly visible in the small family of the Unlock92 Ransomware, of which malware experts are just finding a new member: the Naampa Ransomware.
The Naampa Ransomware keeps the semi-rare choice of RSA-2048 as its cipher for encrypting victims' files, with a double-layered generation of custom keys guaranteeing the data blockade's protection. Data that the Naampa Ransomware may block this way can include text documents, archives, images, Web pages, audio, and other media content, particularly types related to Microsoft software. It also appends '.crptd' to their names, which is a new extension for the Trojan's family.
The threat actors using the Naampa Ransomware's payload as leverage deliver their demands via a JPG file instead of a text-based format. The picture instructs the victim to contact their e-mail address for assistance and to send along the custom file that the Naampa Ransomware uses as a holder for one of the two keys (the Trojan transmits the other to the threat actors).
Ending a Short Lineage of Russian Data Saboteurs
Although the Naampa Ransomware's definitive identification comes from the middle of July, members of the Unlock92 Ransomware family go back to the previous year, at a minimum. Based on the geographical preferences of its ransoming methods, malware analysts recommend that PC users anticipate infection methods using content written in the Cyrillic alphabet. However, its authors could also install the Trojan without any consent after getting system access by cracking the login credentials. Using stronger passwords can significantly mitigate, if not entirely remove, such dangers.
While backing up content is a strong defense against file-encoding threats, malware experts don't recommend relying on local backups exclusively. The Naampa Ransomware deletes the Shadow Copy-based data that Windows could revert to by default, which erases the chance of getting the files back without external copies. Always save your files to another server or a peripheral device, when possible.
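As an added example (not from the original article or any vendor tool), the following Python sketch scopes an incident from a file listing: it finds names carrying the appended '.crptd' extension described above, recovers the original name to restore from an external backup, and summarises affected types and folders. The function names and the sample paths are assumptions constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".crptd"  # extension the article says the Trojan appends to file names

def original_name(path):
    """Return the pre-encryption file name, or None if the path is not marked."""
    name = PureWindowsPath(path).name
    if name.lower().endswith(MARKER) and len(name) > len(MARKER):
        return name[: -len(MARKER)]
    return None

def triage(paths):
    """Summarise a file listing: affected files, original types, folders hit."""
    affected, by_type, by_dir = [], Counter(), Counter()
    present = {p.lower() for p in paths}
    for p in paths:
        orig = original_name(p)
        if orig is None:
            continue
        parent = PureWindowsPath(p).parent
        restore_as = str(parent / orig)
        by_type[PureWindowsPath(orig).suffix.lower() or "(none)"] += 1
        by_dir[str(parent)] += 1
        affected.append({
            "encrypted": p,
            "restore_as": restore_as,
            # True when an unencrypted copy still sits beside the locked one
            "original_present": restore_as.lower() in present,
        })
    return {"affected": affected, "by_type": dict(by_type), "by_dir": dict(by_dir)}

# Constructed listing for illustration, not taken from a real incident
SAMPLE = [
    r"C:\Users\ana\Documents\budget.xlsx.crptd",
    r"C:\Users\ana\Documents\notes.txt.crptd",
    r"C:\Users\ana\Documents\notes.txt",
    r"C:\Users\ana\Pictures\trip.JPG.CRPTD",
    r"C:\Users\ana\Pictures\cat.jpg",
    r"C:\Windows\system.ini",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for item in report["affected"]:
        print(item["encrypted"], "->", item["restore_as"])
    print(report["by_type"], report["by_dir"])
```

The `restore_as` list is what to pull from the off-machine backup; entries with `original_present` set already have an unencrypted copy on disk.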
Different brands of anti-malware products are capable of identifying the Naampa Ransomware and other members of the Unlock92 Ransomware's group. Use these programs to protect your PC by scanning any new files and monitoring both potential contact with corrupted websites and exposure to embedded drive-by-download exploits such as a document's macro. For most users, updated anti-malware protection can guarantee that they delete the Naampa Ransomware as soon as it's detected.
Although different lands are prone to different natural disasters, no place with computers is free from attacks like the Naampa Ransomware's hostage-taking tactics. Non-consensual encryption is an attack without borders, although it sometimes may prefer one language over another.