
NIBIRU Ransomware

Posted: September 25, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 41
First Seen: September 25, 2017
Last Seen: December 13, 2018
OS(es) Affected: Windows

The NIBIRU Ransomware, also using the name of Hackers Invasion Ransomware, is a new version of FTSCoder: a Trojan that locks your files with encryption and may demand ransoms for unlocking them. The NIBIRU Ransomware variant of this threat displays an interactive, pop-up Web page asking for high Bitcoin prices for the decryptor, although malware experts conclude that current builds should be compatible with freeware decryption solutions. Victims also should back their files up for safekeeping regularly, along with using anti-malware products to uninstall the NIBIRU Ransomware.

Trojans Asking for More than They can Justify

Secure encryption isn't necessarily a difficult feature to program, but many threat actors with less experience in the field are opting for an alternative: insecure encryption, which they pair with a bluff. New Trojans like the NIBIRU Ransomware, using code that its author is borrowing from FTSCoder, often deliver ransoming messages with claims or demands that bear little correspondence to the attacks they're able to carry out. However, the NIBIRU Ransomware does offer the possibility of causing real damage to your files along with other surprises.

The NIBIRU Ransomware uses conventional, encryption-based attacks to scan the infected PC for documents, pictures, and other recreational or workplace-related data formats that it can block. Besides being unable to open the encoded files, the victims also may recognize them through their '.Doxes' extensions (a reference to the practice of broadcasting identities online to encourage criticism or attacks against the targets), which the NIBIRU Ransomware appends to the ends of their names. The threat actor also may use a built-in form for configuring these data hostage-taking attacks against specific folders or hard drives.
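The appended '.Doxes' extension described above is enough to inventory locked files and scope the damage before recovery. The following Python sketch is an added example, not code from the original page; the case-insensitive match, the function names, and the sample folder tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".Doxes"  # extension the page says NIBIRU appends to locked files


def find_locked_files(root):
    """Return sorted (locked_path, original_name) pairs found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Assumption: match case-insensitively in case a build varies the casing.
            if name.lower().endswith(MARKER.lower()) and len(name) > len(MARKER):
                hits.append((Path(dirpath) / name, name[: -len(MARKER)]))
    return sorted(hits)


def summarize(hits):
    """Count locked files by original extension and by folder."""
    by_ext = Counter(Path(orig).suffix.lower() or "(none)" for _p, orig in hits)
    by_dir = Counter(p.parent.name for p, _orig in hits)
    return by_ext, by_dir


def build_sample_tree(root):
    """Constructed sample data: empty files standing in for a user's folders."""
    names = ["docs/report.docx.Doxes", "docs/notes.txt", "pics/a.jpg.doxes",
             "pics/b.jpg.Doxes", "pics/c.png"]
    for rel in names:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_locked_files(tmp)
        by_ext, by_dir = summarize(hits)
        for path, orig in hits:
            print(f"{path}  (was: {orig})")
        print("by original extension:", dict(by_ext))
        print("by folder:", dict(by_dir))
```

Point `find_locked_files` at a user profile or mounted share to get the list of files that need restoring from backup or decrypting.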

The NIBIRU Ransomware's other features are more unusual than its encryption. This file-locking Trojan also includes partially-developed features for distributing itself, like a worm, over messaging clients like Skype and the Limewire file-sharing application. Malware experts also took notice of a costly ransom demand in its interactive pop-up, which asks for up to a million dollars in Bitcoins. The NIBIRU Ransomware's encoding mechanisms aren't secure enough to justify such a substantial ransom.

Taking the NIBIRU Ransomware's Name Literally

Samples of the NIBIRU Ransomware are using executable names that translate from Swahili into the phrase 'let me go,' although the NIBIRU Ransomware is most likely circulating in a disguised format, such as an email-attached fake document. This Trojan is in its development phase and is not complete yet, but malware analysts are rating some of its features, including the encryption routine, as functional. Users always are best able to protect their media from attacks of this type by keeping backups on devices that the NIBIRU Ransomware would be unable to access and delete.

Even victims without backups shouldn't need to pay the ransom to recover their files and may wish to contact appropriate PC security researchers for breaking the NIBIRU Ransomware's low-level encryption. The default password of 'AnikulapoFela70' also unlocks current builds of the Trojan by removing its ransom-collections window and restoring your encrypted data. Three-quarters of all large brands of anti-malware products also may identify and remove the NIBIRU Ransomware immediately.

If it weren't for its potential for spreading through instant messages and file-sharing services, the NIBIRU Ransomware could be brushed off as a joke. Its encryption is nowhere near the level of security that could justify its expense to the victim, who has every incentive to avoid paying and rewarding harmful misbehavior.
