
NotAHero Ransomware

Posted: April 12, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 68
First Seen: April 12, 2017
OS(es) Affected: Windows

The NotAHero Ransomware is a Trojan that moves your files into a password-protected ZIP archive so that you can no longer open them. The Trojan then tries to sell the archive password for a Bitcoin payment to its threat actor, although most users should try every other data-restoration option first. Its payload's effects may be irreversible, so protecting your PC with appropriate security features and software that can detect and remove the NotAHero Ransomware before an infection takes hold is critical.

Packing Your Files Up for 'Safekeeping'

While an overwhelming majority of file-encrypting threats encrypt every file that they attack individually, a much smaller number take a simpler, less thorough approach. That alternative, moving the victim's digital possessions into an inaccessible location such as a password-protected compressed archive, is one that malware experts sometimes see in Trojans like the 'All_Your_Documents.rar' Ransomware or, more recently, the NotAHero Ransomware. Instead of a RAR archive, the NotAHero Ransomware locks your files inside a WinZip-style password-protected ZIP archive, although the effect on the victim is the same.

The NotAHero Ransomware targets a fixed list of files, selected either by location, such as the Downloads folder, or by format, such as PDF. Instead of encrypting each file in place, one at a time, the NotAHero Ransomware moves them into a newly created ZIP archive and protects that archive with a password. Malware experts have determined that the password is hard-coded and, therefore, the same for every infection. That trait leaves it far more exposed to cracking efforts than the per-infection keys that competing Trojans generate: recovering the password once recovers it for every victim.

The NotAHero Ransomware also drops a second file, a plain-text ransom note with the self-explanatory name 'Pay me bitcoins to get all your files unlocked.txt.' It contains little beyond a Bitcoin wallet address, with the threat actor supposedly providing the password after payment.

Being Your PC's Hero for Hostage Files

The NotAHero Ransomware campaign does not date back significantly further than April 2017 and has no currently evident relatives in the threat industry. Malware analysts are still trying to determine how its authors are distributing it. Similarly categorized attacks can compromise your PC through a range of exploits, including:

  • Malicious web content can download the NotAHero Ransomware automatically (a drive-by download) through JavaScript, Java or Flash exploits in the browser.
  • Some threat actors target specific entities, most often small to mid-size companies, with Trojans that they attach to forged e-mail messages.
  • A minority of file-encrypting Trojans also may bundle themselves with mislabeled downloads circulating on websites or torrents, particularly ones related to pirated content.

While the NotAHero Ransomware's ZIP password isn't customized per victim, samples of this threat are in short supply, and malware analysts and other industry researchers have not yet recovered it. For victims unwilling to risk paying the Bitcoin ransom, keeping regular backups on external drives or servers offers the best protection from all file-encrypting attacks. Reliable brands of anti-malware software also may block many of the previously-noted exploits and remove the NotAHero Ransomware immediately.
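The two points above, that the Trojan's "encryption" is just a password-protected ZIP archive and that a single static password is an easy target for cracking, are illustrated by the following added example. It is not code from the page or from the NotAHero Ransomware; it assumes the archive uses the legacy ZipCrypto scheme (the page only says "password-protected ZIP", and WinZip can also produce AES-protected archives), and the file names, file contents, password and candidate list are constructed for the demonstration. Python's zipfile module can read ZipCrypto but not write it, so the writer side is implemented by hand; the responder side (inventory the archive, test candidate passwords, unlock) uses only the standard library.

```python
import io
import os
import struct
import zipfile
import zlib


# ZipCrypto (PKWARE "traditional" encryption) key schedule, written here because
# zipfile can read this scheme but cannot write it. Assumed scheme for the demo.
def _make_crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table


_CRC_TABLE = _make_crc_table()
_DOS_DATE = ((2017 - 1980) << 9) | (4 << 5) | 12   # 2017-04-12 in DOS date format, time 0

# Constructed sample data: a "Downloads" PDF and a text document, plus the static password.
SAMPLE_FILES = {
    "Downloads/report.pdf": b"%PDF-1.4 constructed sample\n",
    "Documents/notes.txt": b"constructed document contents\n" * 3,
}
SAMPLE_PASSWORD = b"n0tAh3r0-static"            # hypothetical hard-coded password
SAMPLE_CANDIDATES = [b"password", b"123456", b"bitcoin", SAMPLE_PASSWORD, b"qwerty"]


def zipcrypto_encrypt(plaintext: bytes, password: bytes, crc: int) -> bytes:
    """Return the 12-byte encryption header followed by the ciphertext for one entry."""
    keys = [0x12345678, 0x23456789, 0x34567890]

    def update(byte):  # key update is driven by the *plaintext* byte
        keys[0] = (keys[0] >> 8) ^ _CRC_TABLE[(keys[0] ^ byte) & 0xFF]
        keys[1] = (keys[1] + (keys[0] & 0xFF)) & 0xFFFFFFFF
        keys[1] = (keys[1] * 134775813 + 1) & 0xFFFFFFFF
        keys[2] = (keys[2] >> 8) ^ _CRC_TABLE[(keys[2] ^ (keys[1] >> 24)) & 0xFF]

    def keystream_byte():
        k = keys[2] | 2
        return ((k * (k ^ 1)) >> 8) & 0xFF

    for b in password:
        update(b)
    # The last header byte is the high byte of the entry's CRC-32. It is the only
    # password check a reader performs before decrypting, so wrong guesses fail fast.
    header = os.urandom(11) + bytes([(crc >> 24) & 0xFF])
    out = bytearray()
    for b in header + plaintext:
        out.append(b ^ keystream_byte())
        update(b)
    return bytes(out)


def build_locked_archive(files: dict, password: bytes) -> bytes:
    """Write a stored (uncompressed), ZipCrypto-protected ZIP entirely in memory."""
    local, central, offset = [], [], 0
    for name, data in files.items():
        nameb = name.encode("ascii")
        crc = zlib.crc32(data) & 0xFFFFFFFF
        enc = zipcrypto_encrypt(data, password, crc)
        # flag bit 0 = encrypted, method 0 = stored; compressed size includes the 12-byte header
        lh = struct.pack("<I5H3I2H", 0x04034B50, 20, 1, 0, 0, _DOS_DATE,
                         crc, len(enc), len(data), len(nameb), 0) + nameb
        ch = struct.pack("<I6H3I5HII", 0x02014B50, 20, 20, 1, 0, 0, _DOS_DATE,
                         crc, len(enc), len(data), len(nameb), 0, 0, 0, 0, 0, offset) + nameb
        local.append(lh + enc)
        central.append(ch)
        offset += len(lh) + len(enc)
    cd = b"".join(central)
    eocd = struct.pack("<I4H2IH", 0x06054B50, 0, 0, len(files), len(files), len(cd), offset, 0)
    return b"".join(local) + cd + eocd


def inspect_archive(archive: bytes) -> list:
    """Responder view: names, sizes and the protection scheme are readable without the password."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for zi in zf.infolist():
            if zi.compress_type == 99:           # WinZip AES (AE-x): zipfile cannot open these
                scheme = "aes"
            elif zi.flag_bits & 0x1:
                scheme = "zipcrypto"
            else:
                scheme = "none"
            entries.append((zi.filename, zi.file_size, scheme))
    return entries


def recover_password(archive: bytes, candidates):
    """Try each candidate on every encrypted entry. The check byte rejects most wrong
    guesses immediately (RuntimeError); the CRC-32 catches the 1-in-256 false positives
    (BadZipFile). Returns the working password or None."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = [zi.filename for zi in zf.infolist() if zi.flag_bits & 0x1]
        for pwd in candidates:
            try:
                for name in names:
                    zf.read(name, pwd=pwd)
            except (RuntimeError, zipfile.BadZipFile):
                continue
            return pwd
    return None


def unlock_all(archive: bytes, password: bytes) -> dict:
    """Extract every entry with the recovered password, keyed by archived name."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {zi.filename: zf.read(zi.filename, pwd=password) for zi in zf.infolist()}


if __name__ == "__main__":
    locked = build_locked_archive(SAMPLE_FILES, SAMPLE_PASSWORD)
    print(inspect_archive(locked))
    found = recover_password(locked, SAMPLE_CANDIDATES)
    print("recovered:", found)
    print(unlock_all(locked, found) == SAMPLE_FILES)
```

Two practical notes follow from the code. First, because the container is an ordinary ZIP, `inspect_archive` recovers the list of hostage file names and sizes with no password at all, which gives a victim an inventory of what was taken; if it reports `aes`, the standard library cannot help and a tool such as 7-Zip or the pyzipper package is needed for the same candidate test. Second, the candidate list is where a static password pays off for defenders: strings pulled from a sample of the dropper, or a password published from one analysed infection, can be tried against any victim's archive, and the legacy ZipCrypto scheme is additionally open to known-plaintext attacks (tools such as bkcrack) whenever a clean copy of even one archived file survives elsewhere.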

It doesn't take innovation or advances in encryption technology to lock unprotected victims out of their digital possessions. In many cases, like the NotAHero Ransomware, such an attack needs nothing more to succeed than an absence of backups and one wrong click.
