Pirateware Ransomware
Posted: July 11, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 88 |
| First Seen: | July 11, 2017 |
| OS(es) Affected: | Windows |
The Pirateware Ransomware is a Trojan that claims to lock your files and offers you a decryption key after you pay its ransom. Current versions of the Pirateware Ransomware have no encrypting functions, although malware experts still recommend treating it as a prospective threat to your computer and any local media. Use anti-malware programs for blocking the Pirateware Ransomware or removing this Trojan after it infects your computer.
Bandits Sailing the Cyber-Seas with Bluster
Aesthetics are often the focal point for any early efforts by casual threat actors. Logos, brand names, and background skins often are completed before the programmer finishes coding the attacks meant to use them. As one instance of this cart-before-the-horse philosophy, malware experts are citing the Pirateware Ransomware.
The Pirateware Ransomware is a Trojan of no known family and shares no features with well-explored Trojans like Hidden Tear or EDA2. This in-development threat has only one function: it generates a pop-up in an HTML application-based window. The text in the window claims that the victim's media is being held hostage by two-layer encryption combining AES and RSA, a secure data-encoding method that isn't subject to being cracked. Other features of interest in the Pirateware Ransomware's alert include a wallet address field (for paying the ransom), a supposedly built-in decryption application that requires a key, and a messaging system for communicating with the threat actor.
Most of these features are typical of file-encrypting Trojans with well-developed UIs, although malware analysts rarely find messaging features bundled directly with the ransom note. However, despite every appearance of being a Trojan with file-encoding features, the Pirateware Ransomware doesn't encrypt files, nor does it rename them to imitate such an attack.
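Because the note's encryption claim can be false, as it is here, a responder can test it before anything else by checking whether files still carry their format signatures and a plausible entropy. The following is an added example, not code from the original article or from any vendor tool; the signature table, thresholds and sample files are assumptions constructed for illustration.

```python
import math, os, tempfile
from collections import Counter

# Well-known leading signatures of commonly targeted formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536, min_len=2048, threshold=7.5):
    """Heuristic verdict for one file: 'intact', 'suspect' or 'unknown'."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:
        # Compressed formats are high-entropy anyway, so compare the signature.
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    if len(head) < min_len:
        return "unknown"  # too little data for a meaningful entropy estimate
    return "suspect" if entropy(head) > threshold else "intact"

def triage(root):
    """Walk root and map each relative path to its verdict."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    """Run triage over constructed sample files in a temporary folder."""
    samples = {
        "report.pdf": b"%PDF-1.4\n" + b"constructed body " * 200,
        "notes.txt": b"quarterly figures and meeting notes\n" * 100,
        "photo.png": bytes(range(256)) * 16,   # signature gone
        "ledger.txt": bytes(range(256)) * 16,  # uniform bytes, entropy 8.0
        "todo.txt": b"short",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    print(*sorted(demo().items()), sep="\n")
```

A folder that comes back entirely "intact" is consistent with a note-only Trojan; any "suspect" result calls for restoring from backup rather than trusting the heuristic.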
Protecting Your Files from Becoming Plunder
Until the Pirateware Ransomware finishes its construction process, malware analysts are reluctant to speculate about any encryption methods its author may or may not choose for inclusion in its payload. While some families of Trojans use data-encoding algorithms that may be vulnerable to being broken, others are effectively immune to third-party solutions. Any users who wish to keep commonly victimized file formats (such as text documents) undamaged should be sure to back them up to a removable drive or a secondary server.
In this early stage of the Trojan's development, the detection rates for the Pirateware Ransomware are averaging fifty percent among reputable anti-malware products. Such programs can also block many of the vectors that threat actors use for installing Trojans today, such as e-mail attachments, exploit kit-infested websites, and bad scripts. Organizations in the private business sector are especially at risk and should try to disable and delete the Pirateware Ransomware with appropriate security tools without letting it gain access to any secondary, network-accessible systems.
In a perfect world, programs like the Pirateware Ransomware never would be in development, but in a slightly less than perfect one, readers can hope that it never gets finished. Whichever result might happen, it's clear that not backing up your files is putting your media in the line of sight for a modern-day pirate.