Ramsey Ransomware
Posted: June 5, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 3 |
| First Seen: | June 5, 2017 |
|---|---|
| OS(es) Affected: | Windows |
The Ramsey Ransomware is a variant of the Jigsaw Ransomware and, like its ancestor, may delete your files, lock them with encryption, and create desktop-blocking pop-up attacks. You can restrict its potential damages by backing your media up to somewhere safe, such as a USB drive, or use free decryption as an alternative to paying the ransom. Since this threat can cause significant file loss to a compromised PC, users always should wait as little time as possible before using anti-malware programs for uninstalling the Ramsey Ransomware.
Turkish Trojans Making a Turkey out of Your File System
Threat actors are sending out a new version of one of the most infamous file-encoding Trojans of recent years: an updated variant of the Jigsaw Ransomware. This fork, the Ramsey Ransomware, is specialized for attacking Turkish systems, but its file-encrypting attacks are viable against other targets, regardless of the system's language settings. Malware experts also note other dangers associated with this family that could lead to permanent file damage and destruction, even beyond that inherent in an encryption attack.
Even though malware experts have yet to excavate firm evidence of how the Ramsey Ransomware is installing itself, its associated file data implies that the con artists are hiding it as a fake update or installer for the Firefox Web browser. This 3.6-megabyte file shows relatively few changes from old versions of the Jigsaw Ransomware, but continues using a majority of its attacks, as follows:
- The Ramsey Ransomware will encrypt data automatically, making it illegible to your associated programs, until you can decrypt it back to normal. Documents and other media are high-priority targets for most encryption attacks.
- The Trojan also utilizes the Jigsaw Ransomware's most worrisome function: a file-deleting routine that triggers based on a timer (see below). Malware experts also advise against rebooting carelessly, due to the Ramsey Ransomware's potential for deleting files every time Windows restarts.
- The largest change the Ramsey Ransomware shows from the old Jigsaw Ransomware is the text in its pop-up message for collecting ransoms. While it still uses a similar overall format, with embedded payment and file-viewing options, the Ramsey Ransomware's instructions are in Turkish instead of the usual English.
Solving the Cyber-Extortion Puzzle Once and for All
It could be considered an economic compliment that threat actors view Turkey as a viable target for data-based hostage-taking and extortion. File-encrypting campaigns often are launched against business entities that have money for paying potentially high fees to decrypt anything that doesn't have an unharmed backup. The Ramsey Ransomware also poses the additional risk of deleting the files it encrypts under multiple conditions, which makes having a backup even more important than usual.
Malware experts also endorse using free decoding solutions, such as the decryption programs developed by the anti-malware sector, instead of paying a con artist's ransom. Since the Ramsey Ransomware continues the tradition of asking for its money in Bitcoins, victims who make the transaction under the impression that they can receive a refund for lack of a decryptor will find themselves mistaken. Systems protected by anti-malware software should delete the Ramsey Ransomware before it can begin encrypting any of your local media.
The stakes at risk with current Ramsey Ransomware infections are limited to twenty-five USD in cryptocurrency ransoms. However, there's nothing stopping the threat actors from increasing their prices, and PC users would be rash to depend on Trojan developers not wanting to maximize their profits.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.