'.perl File Extension' Ransomware

Posted: October 25, 2016

Threat Metric

Threat Level: 8/10
Infected PCs: 35
First Seen: October 25, 2016
Last Seen: May 5, 2022
OS(es) Affected: Windows

The '.perl File Extension' Ransomware is a permutation of the Bart Ransomware, a Trojan that locks your data in password-protected ZIP files and asks for a ransom for restoring them. Because paying ransoms to con artists is an inherently unreliable way to recover data, and because decryption methods for this family have already been released to the public, malware experts suggest that you withhold your money when possible. Standard anti-malware tools can also negate the attack by removing the '.perl File Extension' Ransomware before its payload routine completes.

A New String of Pearls for the Trojan Called Bart

A 'new' threat campaign is often just a slight deviation from, or a branch of, an otherwise identical series of Trojan attacks, with changes made to peripheral details like the program's C&C communications, ransom methods, or choice of social engineering tactics. One example of this pattern in the wild is the '.perl File Extension' Ransomware, an update or fork of the Bart Ransomware. The Bart Ransomware's installation uses Trojans that are also associated with bank account-based spyware attacks, and the minimal differences between it and the '.perl File Extension' Ransomware mean that the second Trojan's campaign may carry more dangers than just a ransom message.

The '.perl File Extension' Ransomware doesn't use the extortion method that previously made the Bart Ransomware notable: placing your files into compressed ZIP archives. Instead, it uses the much more archetypal method of directly encrypting data of specific formats and then inserting a new extension (in this case, '.perl') into their names. Malware experts concluded that the choice of extension has no meaningful connection with the programming language of the same name.
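An added triage example, not part of the original article or of any vendor tool: a Python script that scopes the behaviour described above by finding files that carry the '.perl' extension and separating likely-encrypted ones from genuine Perl scripts or files that were only renamed. It assumes '.perl' is the final suffix and uses an entropy threshold of 7.5 bits per byte; the function names and the sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Assumption: the marker is the final suffix, e.g. report.pdf.perl.
MARKER = ".perl"
# Well-known leading bytes of a few common document and image formats.
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".zip": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}

def shannon_entropy(data):
    """Bits per byte; encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample_size=65536, threshold=7.5):
    """Return 'likely-encrypted', 'intact-renamed' or 'unknown' for a *.perl file."""
    inner_ext = os.path.splitext(path[:-len(MARKER)])[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    magic = MAGIC.get(inner_ext)
    if magic and head.startswith(magic):
        return "intact-renamed"      # original header survived, content not encrypted
    if shannon_entropy(head) >= threshold:
        return "likely-encrypted"    # near-random bytes
    return "unknown"                 # e.g. a genuine Perl script saved as *.perl

def scan(root):
    """Map each *.perl file under root to its classification."""
    hits = [os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs
            if f.lower().endswith(MARKER)]
    return {p: classify(p) for p in hits}

def demo():
    """Constructed sample tree; random bytes stand in for encrypted content."""
    root = tempfile.mkdtemp()
    samples = {"report.pdf.perl": os.urandom(4096),
               "photo.jpg.perl": b"\xff\xd8\xff\xe0" + b"\x00" * 4096,
               "hello.perl": b"#!/usr/bin/perl\nprint \"hi\\n\";\n",
               "notes.txt": b"untouched"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return {os.path.basename(p): v for p, v in scan(root).items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:18} {name}")
```

Run `scan()` read-only against a copy or a mounted image of the affected volume, and treat 'unknown' results as needing manual review, since small or low-entropy files cannot be classified by this check.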

Besides blocking your files, the '.perl File Extension' Ransomware creates ransom messages that are standard to past attacks by its relative, the Bart Ransomware. These text and BMP files urge you to load a Tor-protected website for paying a ransom to get your files decrypted.

Stopping Your Data from Being Strung Up for a Trojan's Ornamentation

Although decoding options did eventually see public release for old versions of the Bart Ransomware, the differences in encryption methods between it and the '.perl File Extension' Ransomware make it unlikely that old solutions are compatible with this threat campaign. PC owners interested in assisting with the development of new decryptors can submit encrypted data and samples of threats like the '.perl File Extension' Ransomware to security researchers upon request. To keep limited decryption help from becoming an issue, malware experts advise backing your content up on a regular basis, particularly to a non-local resource that the '.perl File Extension' Ransomware can't attack.

Past threats affiliated with the '.perl File Extension' Ransomware also can install other types of threatening software, including Trojans that show few symptoms or engage in attacks less visible than renaming and encrypting your files. Always allow your anti-malware products to scan your PC in full when trying to delete the '.perl File Extension' Ransomware, and, when appropriate, use procedures such as Safe Mode boot-ups for eliminating interference from threats.

Although it sees competition from other areas, e-mail remains the top infection vector for campaigns like the '.perl File Extension' Ransomware. Open all your e-mail attachments with care, unless you place little value on documents that may end up locked under a permanent cipher.
