Ransom32 Ransomware
Posted: January 5, 2016
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is relative to the threat's consistently assessed behaviors, collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs recorded in diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based specifically on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually represents a popular threat but may or may not have infected a large number of systems. A threat with a high detection count could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, using an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change in a threat's recent movement.
% Impact (Last 7 Days): This shows the change over a 7-day period in the frequency with which a malware threat infects PCs. The percentage impact correlates directly with the current Trend Path to determine a rise or decline in the percentage.
Threat Level | 8/10
---|---
Infected PCs | 333
First Seen | January 5, 2016
Last Seen | December 13, 2022
OS(es) Affected | Windows
The Ransom32 Ransomware is a JavaScript-based file encryptor that scans for files of particular formats, encrypts them to make them unreadable, and finally displays a ransom message to force you to purchase a decryption key. Although the Ransom32 Ransomware's development platform of choice is historically important, the Ransom32 Ransomware shows no signs of having significant features over similar threats, besides a low AV detection rate. For now, malware experts can continue emphasizing the intelligent use of data backup strategies for preventing any file damage, while also using anti-malware products to delete the Ransom32 Ransomware and related threats.
A Ransom Riding on the Back of a Development Kit
JavaScript, while a common element in the delivery of threatening software, rarely has much direct involvement in the underlying code of the threats it helps install. However, 2016 has shown an exception to that rule in the Ransom32 Ransomware, a fully-featured file encryption Trojan operating solely on JavaScript rather than C++ or another 'standard' coding language. The Ransom32 Ransomware runs on NW.js, a derivative of Node-WebKit. This platform works on the same principles as JavaScript in your Web browser, but with many of the browser's limitations removed.
The Ransom32 Ransomware uses these capabilities to scan your hard drive for files of targeted types, such as MP4 audio files, Office documents, spreadsheets and JPG images. The data targeted by the Ransom32 Ransomware goes through a 128-bit AES encryption process that security experts at Emsisoft have, so far, deemed unbreakable. The files are unusable without the corresponding decryption routine, which is a service the Ransom32 Ransomware offers at a premium through a pop-up message.
The Ransom32 Ransomware also provides a straightforward control interface for its administrators, including attack options such as the ability to 'fully lock' the computer, display other forms of pop-ups or modify its ransom fee.
Keeping Your PC out of the Targeting Framework of New Ransomware
The Ransom32 Ransomware's developers rent their threat out to other people, profiting from a percentage of any ransoms paid. This business model, which is popular in the threat industry, means the Ransom32 Ransomware could see distribution through a range of different strategies. However, to date, the Ransom32 Ransomware has only been seen using Windows-based infection methods delivered via e-mail attachments. Malware experts do warn that the JavaScript platform could let third parties redesign the Ransom32 Ransomware to target non-Windows systems extremely easily.
Both because of its relative newness to the threat industry and its unusual coding language, the Ransom32 Ransomware is detected by only a minority of anti-malware vendors, and many of those detections are generic. However, the Ransom32 Ransomware does have an unusually large file size (over twenty megabytes), which could make it slightly more visible during delivery. PC users who want to protect their data from the Ransom32 Ransomware should, instead of paying its ransom, use remote backup storage that the Ransom32 Ransomware cannot reach, so that no essential files are lost. Updated anti-malware products should still be used for detecting and removing the Ransom32 Ransomware from your system.
Of course, refraining from opening suspicious e-mail attachments also offers a surefire way of avoiding the Ransom32 Ransomware's current campaign.
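The two delivery traits described above, arrival as an e-mail attachment and an unusually large package, are both cheap to screen for at a mail gateway. The following Python is an added example, not code from the original write-up: the sample message, the 20 MiB threshold and the extension list are constructed assumptions, and the size threshold is a parameter so the check can be tuned.

```python
"""Screen e-mail attachments for the delivery traits noted above.

Added example, not code from the original write-up. The write-up notes that
Ransom32 arrives as an e-mail attachment and that its package is unusually
large (over twenty megabytes); both are cheap to screen for at a gateway.
The sample message, the size threshold and the extension list are constructed.
"""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage

SIZE_THRESHOLD = 20 * 1024 * 1024  # 20 MiB, after the write-up's observation
# Attachment types that rarely have a legitimate reason to arrive unsolicited
# (constructed list; tune it to the environment).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".lnk", ".zip", ".rar", ".7z"}


def inspect_attachments(raw_message: bytes, size_threshold: int = SIZE_THRESHOLD) -> list[dict]:
    """Return one record per attachment: name, decoded size and the reasons it was flagged."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if len(payload) > size_threshold:
            reasons.append("oversized")
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"risky extension {ext}")
        findings.append({"name": name, "size": len(payload), "reasons": reasons})
    return findings


def build_sample_message(large_size: int = SIZE_THRESHOLD + 1) -> bytes:
    """Construct a message with one benign and one suspicious attachment (no real malware)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    # Zero padding stands in for a large self-extracting package.
    msg.add_attachment(b"\x00" * large_size, maintype="application",
                       subtype="octet-stream", filename="invoice.scr")
    return msg.as_bytes()


if __name__ == "__main__":
    for record in inspect_attachments(build_sample_message()):
        print(record)
```

The size check is deliberately based on the decoded payload rather than the raw message size, since base64 inflates attachments by roughly a third and a threshold on the wire size would be off by that factor.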
Technical Details
File System Modifications
The following files were created in the system (all entries are listed under the group "Malware file"):

File name | File type | Mime Type
---|---|---
%Temp%\nw3932_17475 | |
%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\ChromeService.lnk | Shortcut | unknown/lnk
%AppData%\Chrome Browser\.chrome\cached-microdesc-consensus | | unknown/chrome\cached-microdesc-consensus
%AppData%\Chrome Browser\.chrome\cached-microdescs.new | | unknown/new
%AppData%\Chrome Browser\.chrome\lock | | unknown/chrome\lock
%AppData%\Chrome Browser\.chrome\state | | unknown/chrome\state
%AppData%\Chrome Browser\chrome.exe | Executable File | unknown/exe
%AppData%\Chrome Browser\chrome | |
%AppData%\Chrome Browser\ffmpegsumo.dll | Dynamic link library | unknown/dll
%AppData%\Chrome Browser\g | |
%AppData%\Chrome Browser\icudtl.dat | Data file | unknown/dat
%AppData%\Chrome Browser\locales\ | |
%AppData%\Chrome Browser\msgbox.vbs | | unknown/vbs
%AppData%\Chrome Browser\n.l | | unknown/l
%AppData%\Chrome Browser\n.q | | unknown/q
%AppData%\Chrome Browser\nw.pak | | unknown/pak
%AppData%\Chrome Browser\rundll32.exe | Executable File | unknown/exe
%AppData%\Chrome Browser\s.exe | Executable File | unknown/exe
%AppData%\Chrome Browser\u.vbs | | unknown/vbs
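To turn the file list above into a check an analyst can run, the following Python is an added example (not code from the original page) that looks for those paths under a given profile. The two roots are parameters, so the same function runs against a live profile (`os.environ["APPDATA"]` and `os.environ["TEMP"]`), a mounted image or a constructed test directory; the %Temp% entry is matched exactly as listed, and `make_test_profile` plants constructed empty marker files purely for demonstration. The function only reports and deletes nothing.

```python
"""Check a Windows profile for the Ransom32 file-system indicators listed above.

Added example, not part of the original write-up. Indicator paths are the
ones the page lists under File System Modifications. Roots are passed in so
the check works on a live profile, a mounted image or a test directory.
"""
import os
import tempfile
from pathlib import Path

STARTUP = Path("Microsoft/Windows/Start Menu/Programs/Startup")
DROP_DIR = Path("Chrome Browser")

# Relative to %AppData%, as listed on the page.
APPDATA_INDICATORS = [
    STARTUP / "ChromeService.lnk",
    DROP_DIR / ".chrome" / "cached-microdesc-consensus",
    DROP_DIR / ".chrome" / "cached-microdescs.new",
    DROP_DIR / ".chrome" / "lock",
    DROP_DIR / ".chrome" / "state",
    DROP_DIR / "chrome.exe",
    DROP_DIR / "chrome",
    DROP_DIR / "ffmpegsumo.dll",
    DROP_DIR / "g",
    DROP_DIR / "icudtl.dat",
    DROP_DIR / "locales",
    DROP_DIR / "msgbox.vbs",
    DROP_DIR / "n.l",
    DROP_DIR / "n.q",
    DROP_DIR / "nw.pak",
    DROP_DIR / "rundll32.exe",
    DROP_DIR / "s.exe",
    DROP_DIR / "u.vbs",
]
# Relative to %Temp%, matched exactly as listed.
TEMP_INDICATORS = [Path("nw3932_17475")]


def scan_profile(appdata: Path, temp: Path) -> list[str]:
    """Return the listed indicator paths that exist under the given roots."""
    hits = []
    for rel in APPDATA_INDICATORS:
        if (appdata / rel).exists():
            hits.append(str(Path("%AppData%") / rel))
    for rel in TEMP_INDICATORS:
        if (temp / rel).exists():
            hits.append(str(Path("%Temp%") / rel))
    return hits


def verdict(hits: list[str]) -> str:
    """Summarise findings: the Startup shortcut alone warrants a look; the
    shortcut together with the fake browser directory is a strong match."""
    has_startup = any(h.endswith("ChromeService.lnk") for h in hits)
    has_drop = any("Chrome Browser" in h for h in hits)
    if has_startup and has_drop:
        return "strong"
    if has_startup or has_drop:
        return "partial"
    return "clean"


def make_test_profile(with_startup: bool = True, with_drop: bool = True) -> tuple:
    """Create constructed sample roots with empty marker files (no malware) for testing."""
    base = Path(tempfile.mkdtemp(prefix="ransom32-demo-"))
    appdata, temp = base / "AppData", base / "Temp"
    appdata.mkdir()
    temp.mkdir()
    if with_startup:
        (appdata / STARTUP).mkdir(parents=True)
        (appdata / STARTUP / "ChromeService.lnk").touch()
    if with_drop:
        (appdata / DROP_DIR / ".chrome").mkdir(parents=True)
        (appdata / DROP_DIR / "nw.pak").touch()
        (appdata / DROP_DIR / ".chrome" / "state").touch()
        (temp / "nw3932_17475").mkdir()
    return appdata, temp


if __name__ == "__main__":
    # On a live Windows profile; falls back to the constructed sample elsewhere.
    if "APPDATA" in os.environ and "TEMP" in os.environ:
        roots = (Path(os.environ["APPDATA"]), Path(os.environ["TEMP"]))
    else:
        roots = make_test_profile()
    found = scan_profile(*roots)
    print(verdict(found))
    for h in found:
        print("  ", h)
```

A directory named "Chrome Browser" directly under %AppData%, with a Startup shortcut called ChromeService.lnk pointing into it, is the combination worth alerting on; a genuine Chrome install lives elsewhere and does not register a Startup shortcut under that name, which is why `verdict` weights the pair more heavily than either artifact alone.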