Ransomnix Ransomware
Posted: August 24, 2017
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 94 |
| First Seen: | August 24, 2017 |
| Last Seen: | February 11, 2019 |
| OS(es) Affected: | Windows |
The Ransomnix Ransomware is a Trojan that encrypts your media, specializing in website database files, to hold them for ransom. Threat actors are currently demanding payment within one week, in a cryptocurrency that isn't refundable without their permission, and malware experts recommend using any other recovery options available to you. Use responsible password management and have anti-malware products for identifying and removing the Ransomnix Ransomware if it tries to install itself through a hidden or misrepresented file.
Blogs at Risk of Ransom
Although the ransom money to collect from such targets remains relatively meager in comparison to targets like a nation's energy sector, bloggers are regularly reappearing in the sights of threat actors who specialize in data-enciphering attacks. Trojans like the Crypt12 Ransomware, the EV Ransomware, and, as of the twenty-first of August, the Ransomnix Ransomware, all make money by holding entire blog sites hostage. This file-encoding software is often introduced and launched by con artists who have already gotten manual access to a website's administrative account.
Prior reports by malware experts confirm the compromise of at least one previously non-compromised domain, a blog for personal health, although the means of account hijacking remains unreported. Threat actors are most likely using brute-force techniques to break the password and user name combinations of the target accounts, which are especially potent against passwords that are short, simple, or commonly used (such as 'admin1' or 'password123'). The remote attacker can then download and run the Ransomnix Ransomware on the server.
The Ransomnix Ransomware encrypts all website database-related formats and replaces the landing page with a custom one. The new page, which is visible to any visitor, displays a ransom demand for Bitcoin payments to decode and recover your site's pages. The threat actors also implement a time limit of one week and claim to increase the cost daily, although malware experts also noted that some of the message's custom values are blank placeholders.
Stopping the Extortion that Starts at Your URL
Always change passwords and related security data for any account as soon as possible after detecting a potential compromise. Unique passwords with more characters and significant variance (such as numbers and random cases) are less vulnerable than simpler ones to brute-force-based attacks that could give a con artist control over the account. While the Ransomnix Ransomware has no features meant to seed the website itself with unsafe content or otherwise harm the site's traffic, threat actors deploying it could undertake other actions outside of this article's subject matter.
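One way to spot the password-guessing activity described above in a web server's access log, and to tell whether a guess succeeded, is a sliding-window count of failed admin logins per source address. This is an added example, not part of the original article or of any vendor tool; the login path `/admin/login`, the 401/302 status convention and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the article): the admin login lives at /admin/login,
# a failed attempt returns 401 and a successful one returns 302.
LOGIN_PATH = "/admin/login"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"max_failures": n, "success_after_burst": bool}} for
    sources with >= threshold failed logins inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], int(m["status"])
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if status == 401:
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"max_failures": 0, "success_after_burst": False})
                f["max_failures"] = max(f["max_failures"], len(q))
        elif status == 302 and ip in findings and q:
            # Success right after a failure burst: treat the account as compromised.
            findings[ip]["success_after_burst"] = True
    return findings

# Constructed sample log (combined log format), not taken from a real incident.
SAMPLE = [
    f'203.0.113.7 - - [21/Aug/2017:10:00:{s:02d} +0000] "POST /admin/login HTTP/1.1" 401 512'
    for s in range(0, 12, 2)
] + [
    '203.0.113.7 - - [21/Aug/2017:10:00:13 +0000] "POST /admin/login HTTP/1.1" 302 0',
    '198.51.100.4 - - [21/Aug/2017:10:01:00 +0000] "POST /admin/login HTTP/1.1" 401 512',
    '198.51.100.4 - - [21/Aug/2017:10:01:20 +0000] "POST /admin/login HTTP/1.1" 302 0',
    '198.51.100.4 - - [21/Aug/2017:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, f in find_bruteforce(SAMPLE).items():
        print(ip, f)
```

A source flagged with `success_after_burst` is the case that calls for the immediate password change recommended above; a single mistyped password followed by a normal login, like the second address in the sample, is not flagged.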
Malware experts have yet to confirm the Ransomnix Ransomware's boast of using RSA-2048 encryption and recommend having backups to keep your data safe from any attacks without free decryption possibilities. Samples may also be offered to any appropriate security researchers with a history of providing freeware solutions to similar threats like the Hidden Tear and the Globe Ransomware families. Keep your backups inaccessible or accessible only via protected login to avoid any deletion or encoding risks, and use conventional anti-malware products for removing the Ransomnix Ransomware or isolating it.
Most blogs are low-hanging fruit that tempts threat actors into targeting them, due to improper security protocols. A bad password and the lack of a backup schedule are poor habits that usually may not matter until the point where con artists capitalize on them and cash out via the Ransomnix Ransomware and Trojans just like it.