
Null Ransomware

Posted: September 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 25
First Seen: September 4, 2017
OS(es) Affected: Windows

The Null Ransomware (also self-named 'Strix') is a Trojan that encrypts your media-related files so that they can no longer be opened. Symptoms of a Null Ransomware infection usually include interactive pop-up messages demanding payment for the decryption solution, along with changes to the names of all encrypted content. Use your anti-malware programs to remove the Null Ransomware safely, and keep backups so that your files are not at risk of permanent damage.

The Documentation that's not Worth Reading

Despite how well-known the strategy is, many threat actors persist in using fake text documents as their favorite infection method for Trojan distribution. Sometimes these attacks use real documents carrying fraudulent content and an exploit, often in the form of a macro. Other times, the Trojan is the fake document itself, as malware experts currently see with the Null Ransomware.

Forged email messages are the most likely means by which the Null Ransomware's fraudulent PDF executable circulates, although it also may be downloaded through disguised hyperlinks or by the largely automated, drive-by download attacks of an exploit kit. Once the victim is tricked into launching it by any of these means, the Null Ransomware scans the system and converts media files into encrypted versions of themselves.
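The lure described above, an executable wearing a document's name, can be caught cheaply before anyone double-clicks it. The following Python script is an added example written for this page; it is not code from the original article and has nothing to do with the Trojan's own code. It flags a file when its leading bytes are a Windows PE header but its extension claims a document, or when the name carries a double extension such as 'Invoice.pdf.exe'. The magic-byte table, the extension lists and the sample files are assumptions constructed for the demonstration.

```python
"""Flag files that claim to be documents but are really Windows executables.

Added example, not code from the original article.  The Null Ransomware is
described as a fake PDF that is itself the executable, so a mail gateway or
endpoint script can catch the lure by checking:
  1. whether the file's magic bytes match its extension (a PE 'MZ' header
     under a '.pdf' name), and
  2. whether the name carries a double extension such as 'Invoice.pdf.exe'.
All sample files below are constructed in memory; none is real malware.
"""
from __future__ import annotations

import os
import struct

# Leading bytes a genuine file of each type starts with (assumed table; extend as needed).
MAGIC = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",       # OOXML is a ZIP container
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",  # OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0",
}
DOCUMENT_EXTS = set(MAGIC) | {".rtf", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_pe(header: bytes) -> bool:
    """True if the bytes look like a Windows PE: 'MZ' stub and 'PE\\0\\0' at e_lfanew."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]  # offset of the PE signature
    return header[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def split_extensions(filename: str) -> tuple[str, str]:
    """Return (inner, outer) extensions, lowercased: 'a.pdf.exe' -> ('.pdf', '.exe')."""
    stem, outer = os.path.splitext(filename.lower())
    _, inner = os.path.splitext(stem)
    return inner, outer


def assess(filename: str, header: bytes) -> list[str]:
    """Return the reasons a file is suspicious; an empty list means no finding."""
    findings = []
    inner, outer = split_extensions(filename)

    # 'Invoice.pdf.exe': document extension hidden behind an executable one.
    if inner in DOCUMENT_EXTS and outer in EXECUTABLE_EXTS:
        findings.append(f"double extension {inner}{outer}")

    # 'Invoice.pdf' whose content is a PE image, or content that simply is not the claimed type.
    if outer in DOCUMENT_EXTS and is_pe(header):
        findings.append(f"PE executable disguised as {outer}")
    elif outer in MAGIC and not header.startswith(MAGIC[outer]):
        findings.append(f"content does not match {outer} magic bytes")
    return findings


def scan_directory(root: str, read_bytes: int = 512) -> dict[str, list[str]]:
    """Walk a directory and assess every readable file by its name and leading bytes."""
    results: dict[str, list[str]] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(read_bytes)
            except OSError:
                continue
            findings = assess(name, head)
            if findings:
                results[path] = findings
    return results


# Constructed samples standing in for attachments a gateway might see.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
REAL_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"
SAMPLES = {
    "Invoice_4471.pdf": FAKE_PE,        # a PE image wearing a .pdf name, like the lure described
    "Invoice_4471.pdf.exe": FAKE_PE,    # classic double extension
    "Quarterly_report.pdf": REAL_PDF,   # benign
    "notes.docx": b"not a zip at all",  # wrong content for its extension
}


def demo() -> dict[str, list[str]]:
    """Assess the constructed samples, reading only the first 512 bytes of each."""
    return {name: assess(name, data[:512]) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name:24} {'OK' if not findings else '; '.join(findings)}")
```

Reading only the first few hundred bytes keeps the check fast enough to run on every attachment or on a whole user profile with `scan_directory`. It will not catch every disguise (a PE hidden inside a genuine container, for instance), but it does catch the plain executable-named-as-a-document trick the article describes, and it does so without relying on a signature for this particular Trojan.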

The Null Ransomware uses AES-256-based encryption to lock files such as documents, pictures, archives and spreadsheets, among other formats. While malware experts can confirm that some features of the Null Ransomware's payload are network-dependent, the Trojan also may be capable of locking files without a C&C connection. The Null Ransomware also appends a '.null' extension to the name of every file it blocks, a tag that has yet to appear in any other Trojan campaign.

Nullifying a Threat to Your Financial Future

Although its immediate impact lies in the damage to your locally stored media, the Null Ransomware also attempts to extract money from its victims by selling the decryption key. The details of its ransom instructions depend on settings that a remote attacker configures through a C&C server, although early estimates are that the Trojan may ask for up to nearly ten thousand dollars in Bitcoins. Malware experts recommend contacting appropriate security researchers for help if decryption is a necessity. AES-256 itself is not breakable in practice; what undoes many file-locking Trojans is their key handling, such as a key embedded in the program, reused across victims or derived from a weak random source, and flaws of that kind are what make free decryptors possible.

However, decryption can be impossible with some file-locking Trojans, and the Null Ransomware is not yet in a finalized stage of development. Saving backups to locations not traditionally at risk of attack, such as a detachable USB device that is unplugged once the backup completes, gives victims data recovery options that don't depend on breaking the Null Ransomware's cipher. If you do need to uninstall the Null Ransomware, malware experts suggest rebooting into Safe Mode with the network connection disabled and scanning your PC with a dedicated anti-malware application.

While many anti-malware products detect the Null Ransomware as a security risk, software can't prevent a user from opening a file of their own free will. Confirm where a document came from before trying to read it: threat actors keep relying on the ubiquitous fake PDF precisely because it keeps working.
