Oled Ransomware

Posted: May 31, 2017
Threat Metric
Threat Level: 10/10
Infected PCs 44

Oled Ransomware Description


The Oled Ransomware is a Trojan that locks your files by encrypting them and creates messages asking for Bitcoins for the unlocking solution. Its introduction to new PCs may be tied to the presence of network-related vulnerabilities closely. To best counteract this threat, malware analysts suggest that you backup any important files, use safe password management, and protect your PC with anti-malware solutions for removing the Oled Ransomware in safety.

Recycling Ransoms for New Trojan Attacks

Many of the threat actors making Trojans rarely see a pressing need to put more work into their black market products than a minimum floor of competency. In some campaigns, like the latest the Oled Ransomware attacks, the new branding is the most visible sign of a Trojan that's, otherwise, a copy-paste of previous software. On the other hand, despite its close resemblance to threats like the OnyonLock Ransomware, the Oled Ransomware is representative of a credible threat to any user not paying enough attention to their network settings.

Threat actors appear to introduce the Oled Ransomware to PCs through Remote Desktop-based exploits that grant them backdoor access, and, through that vulnerability, install arbitrary programs. Post-introduction, the Oled Ransomware operates similarly to other variants of the BTCWare Trojan and scans for files to encrypt, including work or similar media, such as Microsoft Office-related content. It also appends the '.oled' extension to every encrypted filename, which malware experts have yet to see elsewhere, along with an e-mail address for its ransom negotiations.

The Trojan further promotes the ransom-based unlocking process with a dropped text note that's nearly identical to previous ones in use with BTCWare variants like OnyonLock Ransomware. Like the older Trojan, the Oled Ransomware claims that the attack is a non-specific 'security problem' and demands Bitcoin payments for any data recovery. It also bribes its victims by offering three no-charge decrypted files, as a sample.

Keeping Your Money Safe from the BTCWare Mob's Rising Star

While threat actors encourage victims to make cryptocurrency payments in short order and without thinking over the consequences, many file-locking Trojans are less than invulnerable to other data retrieval methods. Free decryption strategies are available for many versions of BTCWare, and any affected users should try unlocking their files with such assistance before paying a non-refundable Bitcoin fee. Backups also are recognized widely as a means of recovering content from threats like the Oled Ransomware, as long as you don't save the copies on the same drive.

The Oled Ransomware infections also carry network security implications that could result in other attacks against your PC or information. Double-check all networking settings, particularly for Remote Desktop setups, and change any passwords that could be in unsafe possession. Most traditional anti-malware products also may remove the Oled Ransomware and keep the Trojan from causing any other damage.

Powerful tools like RDP are just as subject to abuse as a gun. The primary difference, with Trojans like the Oled Ransomware, is that the barrel is aiming at your hard drive and your bank account instead of your body.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Oled Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%1sv_host.exe File name: 1sv_host.exe
Size: 66.56 KB (66560 bytes)
MD5: 4e1c53e8c46a365a3d7ad8d80c2aab27
Detection count: 23
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: May 31, 2017
%APPDATA%guide.exe File name: guide.exe
Size: 66.56 KB (66560 bytes)
MD5: a9b86e4c328f29548ea1fd4a8e794602
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: May 31, 2017
Home Malware Programs Ransomware Oled Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.