
R980 Ransomware

Posted: July 28, 2016

Threat Metric

Threat Level: 10/10
Infected PCs: 30
First Seen: July 28, 2016
OS(es) Affected: Windows

The R980 Ransomware is a Trojan that generates ransom notes and may conduct other attacks that block your access to data, such as deleting, hiding or encrypting files. Although the R980 Ransomware's campaign demands Bitcoin payments for the safe return of your data, malware researchers recommend more reliable solutions than paying con artists, such as restoring damaged content from a backup. Using your anti-malware products to delete the R980 Ransomware is separate from the data restoration process, but it will stop this threat from harming any additional files.

A Trojan Hiding Flaws Behind Threats

Encrypting files automatically is a relatively easy way of putting a victim in a situation where they have to choose between giving con artists their money or dealing with large-scale data loss. However, not all con artists possess the talent or resources needed for creating a file encryptor, which is why malware analysts sometimes see campaigns like the R980 Ransomware's own. This Trojan, either poorly developed or still a work in progress, includes most of the features of a threatening file encryptor with the notable exception of the data-encrypting attack.

Although some components of the R980 Ransomware's C&C infrastructure are hosted on Pakistani hotel-booking websites, the distribution vectors for the R980 Ransomware and its initial installers aren't yet identifiable. The R980 Ransomware has no self-distribution functions, such as the copying feature of a worm, and can't distribute itself across networks without the assistance of a third-party threat. Current samples of the R980 Ransomware use packing techniques for concealing their code, and malware experts noted very low detection rates for this Trojan among most anti-malware brands.

After installing itself, the R980 Ransomware generates ransom notes in both text and image-based formats. These messages include standard ransomware threats and demands, such as claiming that the R980 Ransomware has used government-level encryption techniques to damage your files, and asking for a 0.5 Bitcoin payment (approximately 300 USD) for a data-restoring decryptor. However, current versions of the R980 Ransomware have no ability to encrypt your files. Instead, your files may be flagged as Hidden to keep them out of sight, or even deleted.

Clearing the Clutter of a Questionable Trojan

One of the most unusual characteristics of the R980 Ransomware as a threat also is its most visible symptom: a function for generating randomly-named 'junk' files that it places on the infected PC's desktop. This feature is possibly meant to take the place of a real encryption attack by confusing any victims into believing that their data has been moved and renamed. Other symptoms include its deposited ransom messages and a potential executable error when the R980 Ransomware installs itself.
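The two visible symptoms described above (files flagged as Hidden, and a burst of randomly-named junk files on the desktop) lend themselves to a simple triage check. The following is an added example, not the page's or any vendor's tooling; it assumes that "Hidden tags" means the Windows Hidden file attribute, and all names, timestamps and thresholds in the sample data are constructed.

```python
"""Desktop triage for the R980-style symptoms described above (added example,
not the vendor's tooling). Assumes 'Hidden tags' means the Windows Hidden
file attribute; the SAMPLE records are constructed, not real infection data."""
import math, os, stat
from collections import Counter, namedtuple

FileRecord = namedtuple("FileRecord", "name mtime hidden")  # mtime: epoch secs

def name_entropy(name):
    """Shannon entropy (bits/char) of the base name; random names score high."""
    base = os.path.splitext(name)[0].lower()
    if not base:
        return 0.0
    n = len(base)
    return -sum(c / n * math.log2(c / n) for c in Counter(base).values())

def find_junk_burst(records, window=120, min_count=5, min_entropy=2.9):
    """Largest group of high-entropy names written within `window` seconds;
    returns [] unless that group has at least min_count members."""
    odd = sorted((r for r in records if name_entropy(r.name) >= min_entropy),
                 key=lambda r: r.mtime)
    best = []
    for i, first in enumerate(odd):
        group = [r for r in odd[i:] if r.mtime - first.mtime <= window]
        if len(group) > len(best):
            best = group
    return best if len(best) >= min_count else []

def find_newly_hidden(records, since):
    """Hidden user files modified after `since`; desktop.ini is normally hidden."""
    return [r for r in records
            if r.hidden and r.mtime >= since and r.name.lower() != "desktop.ini"]

def scan_directory(path):
    """Real scan; the Hidden bit only exists in st_file_attributes on Windows."""
    out = []
    for e in os.scandir(path):
        st = e.stat()
        attrs = getattr(st, "st_file_attributes", 0)
        out.append(FileRecord(e.name, st.st_mtime, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return out

# Constructed sample: a normal document, one flagged Hidden after the assumed
# infection time (2500), a legitimately hidden thumbs.db, and six junk files.
SAMPLE = [FileRecord("report.docx", 1000, False),
          FileRecord("budget2016.xlsx", 3000, True),
          FileRecord("thumbs.db", 100, True)] + [
    FileRecord(n + ".tmp", 5000 + 10 * i, False) for i, n in enumerate(
        ["k3v9qx7m", "p2z8wq4t", "h6y1nb5c", "j4r7sf2d", "m9t3le8g", "w5u0ka6b"])]
```

On a live Windows host, `find_junk_burst(scan_directory(desktop_path))` and `find_newly_hidden(...)` run the same checks against the real desktop; the entropy cutoff is a heuristic and short legitimate names can also score high, so treat hits as leads for review rather than verdicts.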

Even though the R980 Ransomware's only confirmed Command & Control elements base themselves on Pakistani Web domains, this portion of the Trojan's campaign does not seem to have a correlation to its targeted victims. The R980 Ransomware delivers its ransoms in English, making regions such as Europe and North America its most probable targets, as is statistically corroborated with previous threat campaigns.

Patching programs regularly and scanning files arriving from unsafe sources are your most basic defenses against the infection vectors favored by threats of the R980 Ransomware's category. Although malware experts can't condone paying the ransom, removing the R980 Ransomware through any trustworthy anti-malware product and recovering your content from a backup is the safest means of restoring your PC.

Threat authors with the intention to harm your PC don't always need much technical expertise for success. Even a half-crippled threat like the R980 Ransomware has the capability of being threatening when PC owners don't protect themselves.
