
Pack14 Ransomware

Posted: September 26, 2019

The Pack14 Ransomware is an updated version of Hidden Tear, a file-locker Trojan. This variant is circulating via fake invoices hosted on compromised domains, including some government sites. Users can take the standard precautions, such as keeping backups, remove the Pack14 Ransomware with any professional anti-malware product, and use free decryption solutions to unlock any work that wasn't backed up.

Trojans Turning Government Websites into Shady Circumstances

Lest users forget that free Trojan resources remain competitors to the fecund Ransomware-as-a-Service sector, malware experts are noting another variant of Hidden Tear in the fall of 2019. The Pack14 Ransomware, which isn't a variant of 2015's Shade Ransomware despite the 'shade8' extension it uses, is being hosted on compromised government sites. The Trojan uses these sites as a foundation for finding more victims, locking their files and asking for ransoms.

The Pack14 Ransomware's drive-by-download disguises itself as a Portuguese-language invoice from the Vodafone telecommunications and smartphone company. Interestingly, the government sites compromised so far, which are from Papua New Guinea, don't match the geolocational attributes of the executable's disguise. After infection, the Pack14 Ransomware behaves similarly to other Hidden Tear remixes, like July's CROWN Ransomware, the DBL Ransomware, the TrumpHead Ransomware and the ShutUpAndDance Ransomware.

The Pack14 Ransomware's attacks still use the 'vanilla' encryption routine of Hidden Tear, which is AES-based and lacks the protections of stronger file-lockers, such as a per-victim RSA key pair that keeps the AES key out of a decryptor's reach. After blocking media like documents and images, in the desktop folder and other locations, the Trojan appends a 'shade8' extension to their names. It also has a desktop-hijacking feature, which is common but not part of Hidden Tear's defaults, and uses it to display a ransom message with an e-mail address for negotiating.

Waving Off a Trojan Casting Shade

Freeware Trojans like Hidden Tear and EDA2 aren't always the safest way of extorting money, which explains the prominence of closed-source Ransomware-as-a-Service families on the black market. As is usual for Hidden Tear variants, the Pack14 Ransomware is compatible with free decryption services available in the cyber-security industry, and users should be able to unlock their media without paying ransoms. Since this advantage isn't inherent to all file-locker Trojans, malware experts continue placing importance on well-maintained, safely stored backups as a more comprehensive solution.

Users also can mind the infection vectors for the Pack14 Ransomware's campaign and take precautions in the following situations:

  • Always double-check files for appropriate formats. Documents and similar content should never be EXEs or other executables, or have icons and names that don't match their actual format.
  • Avoid file downloads coming from inappropriate places, such as domains not endorsed or associated with the company that's supposedly offering the content.
  • Be careful when clicking on obfuscated links in e-mail messages and social messaging services, which can redirect you to hacked or corrupted sites.
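The first check in that list, together with the 'shade8' extension described above, can be turned into a quick triage script for a downloads folder or a shared drive. The following Python is an added example, not code from the original writeup or from the Hidden Tear project; it flags files carrying the 'shade8' extension, double extensions such as invoice.pdf.exe, and files whose name claims a document format while their first bytes are a Windows PE header. The sample file names and contents in demo() are constructed for the demonstration (the 'MZ' bytes stand in for a real executable) and are not indicators from the campaign.

```python
"""Triage helper: flag 'shade8' files and executables disguised as documents.
Added example; not code from the original writeup or from Hidden Tear."""
from __future__ import annotations

import shutil
import tempfile
from pathlib import Path

# Extension the writeup reports Pack14 appending to encrypted files.
RANSOM_EXT = ".shade8"
# Extensions a user expects to be inert content; a Windows PE underneath is a red flag.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf", ".jpg", ".png"}
# Extensions Windows will execute on double-click.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"  # DOS header signature at offset 0 of every Windows PE file


def classify_file(path: Path) -> list[str]:
    """Return the findings for one file (an empty list means nothing suspicious)."""
    findings: list[str] = []
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""

    # photo.jpg.shade8: the extension the writeup attributes to this Trojan.
    if last == RANSOM_EXT:
        findings.append("ransom-extension")

    # invoice.pdf.exe: an executable hiding behind a document extension.
    if len(suffixes) >= 2 and last in EXEC_EXTS and suffixes[-2] in DOC_EXTS:
        findings.append("double-extension")

    # report.docx that begins with a PE header: name and real format disagree.
    if last in DOC_EXTS:
        with path.open("rb") as fh:
            head = fh.read(len(PE_MAGIC))
        if head == PE_MAGIC:
            findings.append("pe-in-document-name")

    return findings


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Walk root recursively; map each flagged file (relative path) to its findings."""
    report: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            findings = classify_file(path)
            if findings:
                report[path.relative_to(root).as_posix()] = findings
    return report


def demo() -> dict[str, list[str]]:
    """Build a constructed sample tree (not real malware), scan it, return the report."""
    root = Path(tempfile.mkdtemp(prefix="pack14-triage-"))
    try:
        # Constructed samples: 'MZ' plus padding stands in for a PE; nothing here runs.
        (root / "invoice.pdf.exe").write_bytes(PE_MAGIC + b"\x90\x00" * 30)
        (root / "report.docx").write_bytes(PE_MAGIC + b"\x90\x00" * 30)
        (root / ("photo.jpg" + RANSOM_EXT)).write_bytes(b"\x00" * 64)
        (root / "notes.txt").write_text("quarterly numbers\n")  # benign control file
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {', '.join(findings)}")
```

The script is a triage aid, not a substitute for an anti-malware product: it cannot see a spoofed icon, and a dropper packaged as a macro document or an archive would pass the PE check. A hit on 'ransom-extension' is a reason to isolate the machine and start recovery from backups; a hit on either of the other two is a reason not to open the file.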

Invoice-themed disguises are common in campaigns that target vulnerable businesses, but Hidden Tear's encryption works equally well on the files of random, private PC owners. Let your anti-malware services handle uninstalling the Pack14 Ransomware before enacting any appropriate recovery measures.

The Pack14 Ransomware is a reminder to anyone without a backup that they should pay more attention to how vulnerable their files are to a random Trojan's attack. Since it's finding footholds in unexpected places, website administrators also should stay on their guard.
