
Pickles Ransomware

Posted: February 24, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 18
First Seen: February 24, 2017
OS(es) Affected: Windows

The Pickles Ransomware is a Trojan that renames and encrypts your files to lock them, after which it tries to sell its victims a password for its decryption application. Since con artists sometimes take their ransoms without providing anything in exchange, malware experts note the usefulness of keeping backups for restoration that this Trojan can't attack. Although this threat is new, numerous brands of anti-malware products have proven themselves capable of detecting and deleting the Pickles Ransomware on sight.

The New Flavor of Trojans in Development

Trojans that are not yet complete can be just as threatening to an infected PC as the ones labeled finished projects, largely because of the unpredictable, and sometimes irreversible, effects of their payloads. The Pickles Ransomware joins other Python-based Trojans like the PyL33T Ransomware and the HolyCrypt Ransomware in using encryption to lock you out of your media, such as documents or photos. Although the HolyCrypt Ransomware's methodology isn't highly divergent, it does show some cues that individualize it and the people operating its campaign.

To begin with, the Pickles Ransomware creates a unique identifier for the infection, which it delivers in its ransom message (see below). Then, the Pickles Ransomware uses what its message claims is an AES-based encryption method to encode, and consequently block, your files. The '.EnCrYpTeD' extension helps identify which content is encrypted, but the Pickles Ransomware also replaces the rest of the file name with an arbitrary string of characters. To finish its attack, the Pickles Ransomware delivers its extortion demands through both image-based and text-based files.
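As an added example, not code from this page or from the Trojan itself, here is a triage helper a responder could run over a file listing to count files carrying the '.EnCrYpTeD' extension and flag stems that look like the arbitrary strings described above; the entropy threshold and minimum stem length are assumptions chosen for the example.

```python
import math
import os
import re
from collections import Counter

RANSOM_EXT = ".EnCrYpTeD"  # the extension reported for the Pickles Ransomware


def shannon_entropy(text: str) -> float:
    """Bits per character; arbitrary character strings score higher than real words."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def classify_name(path: str, entropy_threshold: float = 3.0) -> dict:
    """Classify one path. The extension is matched exactly, since its mixed case is
    itself a distinguishing marker. The entropy threshold and minimum stem length
    are assumptions chosen for this example, not values taken from the page."""
    base = re.split(r"[\\/]", path)[-1]          # works for Windows and POSIX paths
    parent = path[: len(path) - len(base)].rstrip("\\/")
    encrypted = base.endswith(RANSOM_EXT)
    stem = base[: -len(RANSOM_EXT)] if encrypted else os.path.splitext(base)[0]
    randomized = encrypted and len(stem) >= 8 and shannon_entropy(stem) >= entropy_threshold
    return {"name": base, "parent": parent, "encrypted": encrypted, "randomized_stem": randomized}


def triage_names(paths) -> dict:
    """Summarize a file listing: counts plus the directories that contain hits."""
    verdicts = [classify_name(p) for p in paths]
    hits = [v for v in verdicts if v["encrypted"]]
    return {
        "total": len(verdicts),
        "encrypted": len(hits),
        "randomized_stems": sum(v["randomized_stem"] for v in hits),
        "affected_dirs": sorted({v["parent"] for v in hits}),
    }


def scan_tree(root: str) -> dict:
    """Walk a live directory tree and triage every file found under it."""
    paths = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files]
    return triage_names(paths)


# Constructed sample listing (not taken from a real infection) for an offline run.
SAMPLE_LISTING = [
    "C:/Users/demo/Documents/Q7xk2Lm9pA3.EnCrYpTeD",
    "C:/Users/demo/Documents/budget_2017.xlsx",
    "C:/Users/demo/Pictures/zX9wq4Rt7eB2.EnCrYpTeD",
    "C:/Users/demo/Pictures/holiday.jpg",
]

if __name__ == "__main__":
    print(triage_names(SAMPLE_LISTING))
```

Point `scan_tree()` at a mounted image or user profile to get the same summary for a live system.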

During attacks of this type, many con artists hold the decryption software itself for ransom. The Pickles Ransomware, instead, installs the decryptor along with its other files but password-protects it. Its authors assume that the victim will pay for the password in the hope that the decryption program can fully restore the data, without being able to test it first.

Keeping the Pickles Ransomware Off the Menu

Although its extortion template creates a three-day time restriction on paying, the Pickles Ransomware also includes a significant vulnerability. The hard-coded decryption password of 'pickles' should be consistent between infections. However, con artists may opt to change that password for future builds, and malware researchers continue seeing value in keeping a backup as a defense against all file-encoding attacks.

Unlike some categories of threatening software, such as keyloggers, the Pickles Ransomware displays very obvious symptoms. PC users should not rely on such clues to protect their data, since these symptoms appear only after the fact, almost always once large quantities and many formats of local data have already been locked. The infection avenues of this developing campaign have not yet been confirmed, although malware researchers particularly recommend running anti-malware scans on e-mail attachments and other downloads to delete the Pickles Ransomware and similar threats.

The Pickles Ransomware may not be a finished project, but its limitations are a side effect of at least one threat actor's intent to continue developing it. Updating your security software and backing up your files with just as much industriousness as today's con artists can pay dividends for your PC's safety.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 3.93 MB (3930517 bytes)
MD5: 8102289c4bb4f0683f56701911252b11
Detection count: 99
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: February 25, 2017