Parisher Ransomware
Posted: October 19, 2016
Threat Metric
The fields listed on the Threat Meter, each carrying a specific value, are explained below:
Threat Level: The threat level scale runs from 1 to 10, where 10 is the highest severity and 1 the lowest. Each level is relative to the threat's consistently assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs identified in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a popular threat, but it may or may not have infected a large number of systems; a threat with a high detection count could lie dormant and have a low volume count. The criteria for the Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equals symbol, represents the recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline and the equals symbol represents no change in the threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in how frequently a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to indicate a rise or decline in that percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 21 |
| First Seen: | October 19, 2016 |
| OS(es) Affected: | Windows |
The Parisher Ransomware is a file encrypting Trojan that holds your data hostage while awaiting ransom payments. There are no known decryption options for this threat, and scheduling a regular backup can provide the most direct route for saving any encoded content. In ideal situations, your anti-malware programs should remove the Parisher Ransomware before the Trojan can encode any content.
Trojans Dangling Decryptors Through E-mail
The lifespan of an online messaging account its holder uses for ill-minded acts often is a brief one, requiring con artists to jump to new addresses and account names semi-regularly. While some threat authors prefer investing in anonymity services that work around this problem, others, like the threat actors for the Parisher Ransomware, keep multiple accounts available. The redundancy in options helps the Parisher Ransomware's administrators hold the lines of communication for extortion open as long as possible, potentially giving their victims more time to submit.
The Parisher Ransomware generates its 'income' through what is, for 2016, the standard practice of forcibly encrypting your data. Malware experts found current variants of the Parisher Ransomware to be more selective than most Trojans of this classification, and can only confirm that the Trojan attacks databases, spreadsheets and text documents, such as DOC and XLS files. Other content, such as JPG images, appears to be unaffected.
Since the Parisher Ransomware doesn't make any name-based changes to the encoded content, the clearest symptom of the infection is an inability to open the files afterward. The Parisher Ransomware also generates a file ('1NFORMAT1ONFOR.YOU') that relays instructions on contacting one of four e-mail addresses for decryption help, leaving out any mention of a ransom fee. A second file ('ENCRYPT1ON.KEY123') holds the key that the encryption algorithm requires for decoding.
Avoiding the Parisher Ransomware's Punishment for Poor PC Protection
Any content encoded by the Parisher Ransomware is identifiable by its inclusion in a log that the Parisher Ransomware drops in the Windows directory. In scenarios where essential data is at risk, malware experts still discourage paying the Parisher Ransomware's administrators, who may not reply with any decryption help. Backing up that content on a daily basis, to removable drives or cloud servers ideally, provides options for restoring data that don't hinge on a single, original copy.
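Because the Parisher Ransomware leaves filenames intact, the page's two observable artefacts are the ransom note and key file it drops and documents that no longer open. The following added example (not code from the original page or from any vendor) turns those observations into a scan: it flags the two named artefact files and any DOC/XLS/DOCX/XLSX whose leading bytes no longer match the format's header, which is what an encrypted-in-place document looks like. The sample directory it builds is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Artefact names reported for the Parisher Ransomware (taken from the page).
RANSOM_NOTE = "1NFORMAT1ONFOR.YOU"
KEY_FILE = "ENCRYPT1ON.KEY123"

# Expected leading bytes for the document types the page says are targeted.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy DOC/XLS compound document
ZIP = b"PK\x03\x04"                          # OOXML DOCX/XLSX container
MAGIC = {".doc": OLE2, ".xls": OLE2, ".docx": ZIP, ".xlsx": ZIP}


def header_mismatch(path: Path) -> bool:
    """True if a document kept its extension but lost its expected header."""
    expected = MAGIC.get(path.suffix.lower())
    if expected is None:
        return False  # not a type we know the header for; skip it
    with open(path, "rb") as fh:
        return fh.read(len(expected)) != expected


def scan_tree(root) -> dict:
    """Walk a directory tree and report artefact files plus suspect documents."""
    result = {"notes": [], "keys": [], "suspect_docs": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if name.upper() == RANSOM_NOTE:
                result["notes"].append(str(p))
            elif name.upper() == KEY_FILE:
                result["keys"].append(str(p))
            elif header_mismatch(p):
                result["suspect_docs"].append(str(p))
    return result


def build_sample_tree() -> str:
    """Constructed sample: an intact .xls, a .doc with its header overwritten,
    an unrelated text file, and the two artefact files named on the page."""
    root = tempfile.mkdtemp()
    (Path(root) / "ok.xls").write_bytes(OLE2 + b"\x00" * 64)
    (Path(root) / "hit.doc").write_bytes(b"\x8a\x17" + bytes(range(70)))
    (Path(root) / "readme.txt").write_bytes(b"plain text, no known header")
    (Path(root) / RANSOM_NOTE).write_text("contact one of our e-mail addresses")
    (Path(root) / KEY_FILE).write_bytes(b"\x00" * 16)
    return root


if __name__ == "__main__":
    print(scan_tree(build_sample_tree()))
```

A header check like this only catches documents encrypted in place; a note or key file turning up anywhere on a file server is the stronger signal and is worth alerting on directly.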
The Parisher Ransomware's payload format most strongly resembles variants of the Mobef Ransomware family, although malware experts have yet to confirm this possible connection. In either case, the Parisher Ransomware lacks a working, free decryptor, and any data enciphered by this threat may not be recoverable. The Parisher Ransomware campaign seems to target small business servers most closely, which should be protected by anti-malware and network security tools that can catch the Parisher Ransomware before it launches.
Stopping a file encrypting Trojan's infection before it happens is much easier than reversing all the damage that even an unsophisticated threat of this type can cause. With offshoots like the Parisher Ransomware, good network maintenance remains at least half the key to keeping your information secure.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
File name: file.exe
Size: 162.85 KB (162857 bytes)
MD5: 7d082fdf8f7a306c9a4fa65d73453f43
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 19, 2016