Newht Ransomware
Posted: May 8, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 29 |
| First Seen | May 8, 2017 |
| OS(es) Affected | Windows |
The Newht Ransomware is part of the Hidden Tear family of Trojans, which encrypt your files with an AES-based cipher. Con artists use the Newht Ransomware and similar threats to collect money through ransom messages that claim to sell the decryption key. Although deleting the Newht Ransomware with an appropriate security program is highly advisable, maintaining regular backups can also keep its attacks from causing any undue harm to your digital media.
The Trojan that Keeps Proving Itself Profitable
In spite of the months-old release of a free decryptor for the Hidden Tear family, various threat actors are still trying to make an easy profit by selling decryption for their Trojans' attacks. The Newht Ransomware is one of the newest variants to be caught for analysis in the middle of its development, and malware experts have yet to see any attacks deploying it in live environments. Unfortunately for any victims, the parts of the Newht Ransomware that are most clearly unfinished are not related to its encryption attacks, which could block your files permanently.
The Newht Ransomware's payload includes both a file-encrypting function and a function that delivers the ransom demand. The file-encrypting function uses a custom password that the Trojan uploads to a Command & Control (C&C) server. Local files selected by the Trojan's whitelist, such as documents, undergo an AES-based enciphering routine that blocks them, and the Newht Ransomware also appends its '.htrs' extension to them.
As with the majority of Hidden Tear-based threats, the Newht Ransomware delivers its ransom demands through Notepad messages that it places on your desktop. Like most of its C&C configuration, this message is a work in progress and gives the victim little information other than a terse encryption warning and a personal ID string. The latter is most likely intended for use in the payment process, after which the threat actor may or may not provide any form of decryption service.
Hiding Your Data from Hidden Tear Exploiters Successfully
Even though the Newht Ransomware is incomplete, the majority of its payload uses Hidden Tear-based code that needs no additional changes to be capable of damaging the files on your PC. Backing up your content is the surest way to keep it from being locked by threats like the Newht Ransomware, particularly if you store your backups in locations not susceptible to attack, such as a detachable USB device. If you do not succeed in blocking this Trojan from the outset, malware experts also strongly recommend trying all pertinent freeware decryptors before ever considering a ransom payment.
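The '.htrs' extension described above and the backup advice in this section can be combined into a restore triage. The following is an added example, not code from this article or its vendor: it sorts every '.htrs' file by whether a backup copy of the original exists. The directory names, the 7.0 bits-per-byte entropy threshold and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

EXT = ".htrs"  # extension the article says Newht appends to enciphered files

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; AES output approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(affected: Path, backup: Path, threshold: float = 7.0) -> dict:
    """Sort every *.htrs file under `affected` by whether `backup` can replace it."""
    report = {"restorable": [], "no_backup": [], "not_encrypted": []}
    for path in sorted(affected.rglob("*" + EXT)):
        if not path.is_file() or path.name == EXT:
            continue
        rel = path.relative_to(affected)
        # Strip the appended extension to recover the original relative name.
        original = rel.with_name(rel.name[: -len(EXT)]).as_posix()
        with path.open("rb") as fh:
            sample = fh.read(65536)
        # Entropy is only meaningful on a reasonably large sample (assumed >= 1 KiB).
        if len(sample) >= 1024 and entropy(sample) < threshold:
            report["not_encrypted"].append(rel.as_posix())  # renamed only; inspect by hand
        elif (backup / original).is_file():
            report["restorable"].append(original)
        else:
            report["no_backup"].append(original)
    return report

def demo() -> dict:
    """Build a constructed sample tree (no real malware output) and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        affected, backup = Path(tmp, "Documents"), Path(tmp, "usb_backup")
        (affected / "tax").mkdir(parents=True)
        (backup / "tax").mkdir(parents=True)
        (affected / "tax" / "2016.xlsx.htrs").write_bytes(os.urandom(4096))
        (backup / "tax" / "2016.xlsx").write_bytes(b"constructed backup copy")
        (affected / "notes.docx.htrs").write_bytes(os.urandom(4096))
        (affected / "decoy.txt.htrs").write_bytes(b"plain text " * 200)
        return triage(affected, backup)

if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket}: {names}")
```

Files in the `no_backup` bucket are the ones worth testing against a free Hidden Tear decryptor.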
Symptoms of Newht Ransomware infections are most visible after the Trojan has successfully damaged your media. Infection methods common to file-encrypting threats include brute-force attacks against weakly password-protected systems, attachments from e-mail spam campaigns, and drive-by-downloads that load through your browser. A combination of adhering to basic security standards and keeping active anti-malware solutions can block the majority of these infection vectors and remove the Newht Ransomware promptly.
The Newht Ransomware is, in spite of its unfinished status, as threatening to any unprotected PC user's work as a finished version of Hidden Tear. Until more potential victims learn to protect their files by any means necessary, con artists will continue investing modest work into the 'development' of Trojan variants like this one.