Philadelphia Ransomware

Posted: September 9, 2016
Threat Metric
Threat Level: 10/10
Infected PCs 2,998

Philadelphia Ransomware Description

The Philadelphia Ransomware is an update of the Stampado Ransomware and, like that threat also encrypts your files so that it can bargain for their restoration after you pay a ransom. Different builds of the Philadelphia Ransomware may target different types of data or install themselves through differing methods, although malware experts did verify the use of e-mail spam in the initial waves. Ideal recovery scenarios from this threat include deleting the Philadelphia Ransomware with your favored anti-malware product and restoring it from a remote, non-encrypted backup.

It's Always Raining Trojans in the Philadelphia

The tension between the PC security industry and threat authors trying to profit off of various vulnerabilities can be said to be at its most visible after the release of an update or variant of an old, previously cracked Trojan. When researchers at Emsisoft found weaknesses that allowed them to develop free decryption solutions for the Stampado Ransomware, its author responded by inserting insults into the code of the Trojan's next update. Now, he's providing a brand new Trojan to any fellow con artists willing to pay the four hundred USD fee: Philadelphia Ransomware, the successor to Stampado Ransomware.

The Philadelphia Ransomware is in the wild with its author claiming to compromise twenty thousand separate PCs in the first day, with its infection vector using e-mail attachments disguising themselves as payment warnings from the Brazilian Ministry of Finance. Opening the 'document' redirects the victim to a Java-based application that installs the Philadelphia Ransomware.

A third-party threat actor controls some of the details of the Philadelphia Ransomware's configuration via the 'the Philadelphia Headquarters' utility. Current versions of the Philadelphia Ransomware include removable devices and network-based drives in its sweep for files to encrypt. Currently, malware experts corroborate its targeting thirty-three formats, including DOC, JPG, PPT, RAR, TXT, and ZIP. The Trojan also includes a hefty assortment of other, optional features, which may vary on a build-to-build basis (such as compromising other PCs over networks, deleting files via a 'Russian roulette' feature, or decrypting content automatically).

Sending the Trojan from Philly Back Home Penniless

Two of the Philadelphia Ransomware's most unorthodox features include its bridge-based communications infrastructure, which leverages PHP script-based distributed networks, and its 'give mercy' button that lets a con artist decrypt the victim's files without charging a ransom. However, in the Rainmaker's haste to innovate with his new product, he also introduced vulnerabilities into the Philadelphia Ransomware campaign that could help the PC sector's tracking of its activities. Early research into the possibility of cracking the Philadelphia Ransomware's encryption algorithm and creating a free decryptor also is favorable.

PC users in possession of valuable files should avoid depending on the generosity of con artists for recovering that content. Using backups on a secure cloud server or device left detached from the infected system can offer means of data restoration without needing to decrypt anything. Victims also can wait for the PC security sector to create a free decryption tool.

The Philadelphia Ransomware may block an infected PC's desktop with its ransom message. Use standard anti-malware strategies and software, such as booting into Safe Mode and, then, scan your PC, to uninstall the Philadelphia Ransomware. Although the Rainmaker intends the Philadelphia Ransomware to be the next 'big thing' in his threat business, all initial signs point to its being shut down by a combination of good security practices and the active efforts of the security community.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Philadelphia Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%Isass.exe File name: Isass.exe
Size: 828.79 KB (828799 bytes)
MD5: ce4752100c2f9adb14e6603dffeb203a
Detection count: 68
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: June 13, 2017
file.exe File name: file.exe
Size: 115.84 KB (115846 bytes)
MD5: 33473f907c07244158560c052a930634
Detection count: 20
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: May 3, 2017

More files

Home Malware Programs Ransomware Philadelphia Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.