Relec Ransomware
Posted: November 13, 2017
Threat Metric
The Threat Meter fields that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 81 |
| First Seen: | October 6, 2020 |
| OS(es) Affected: | Windows |
The Relec Ransomware is an in-development Trojan that claims to lock your files with encryption and generates pop-up forms asking you to pay Bitcoins for unlocking them. Although the Relec Ransomware is incomplete, an updated version of this threat could block media permanently, change security and cosmetic system settings automatically, and communicate with an external server. Users should assume that this Trojan is capable of damaging their data and use anti-malware programs to block and remove the Relec Ransomware, while restoring their files from backups, as appropriate.
A New Brood of Python Trojans
Although malware researchers often see Python-based Trojans using the same file-locking properties as projects like Hidden Tear, these threats can arrive in different stages of development. Finished ones, like CypherPy Ransomware, contrast with works-in-progress like the Relec Ransomware, which makes its source code available for free. Although its author claims that the Relec Ransomware is for 'educational purposes' only, the outline of its future payload theoretically equips this Trojan with all of the features appropriate for extorting money from various PC users.
Malware analysts have yet to see versions of the Relec Ransomware with working encryption, and the Trojan also does not include any current features for changing the names of the files it's supposedly capable of locking. However, most other characteristics of the Trojan's payload do function as intended, including a feature for resetting the desktop's wallpaper to an image that the Relec Ransomware downloads, a Notepad text-based ransom note, and a pop-up dialog box. The last of these items includes a built-in ransoming demand that asks for 'one Bitcoin,' sent to a placeholder address, to buy the key for decoding and unblocking your media.
Other, potential features that the Relec Ransomware's author plans to include are as follows:
- Extension-targeting attacks may filter what types of media to block according to their formats, such as DOC, PNG or PDF.
- A bundled decryption feature may decode and unlock your files, but only once you input the custom key (which the Relec Ransomware theoretically uploads to a C&C server).
- A limited, Windows API-based structure that allows the Relec Ransomware to run in a wide variety of Windows environments without requiring specific libraries such as MFC.
Keeping Hacking Warnings from Being a Cause for Concern
Whether or not its file-locking functionality triggers, the Relec Ransomware automatically generates pop-up alerts claiming that it has attacked your computer and damaged its local media successfully. If it does receive sufficient development attention to be capable of delivering these attacks, victims may identify any encoded content by its refusal to open in related programs, with documents, pictures, and other work-related media being especially preferable targets. Readers should also be aware of the natural risks of paying Bitcoin ransoms, which con artists like the Relec Ransomware's authors may accept without any intention of providing a decryption service back to the user.
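Because the Trojan does not rename what it claims to lock, triage has to look at file contents rather than names. The following added example (not code from the Relec project or from this page's publisher) checks files with the extensions mentioned above against their expected leading bytes and flags those whose content also looks random; the signature table, the entropy threshold and all function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Expected leading bytes for the formats the page names (DOC, PNG, PDF).
# ".doc" is the legacy OLE2 container; ".docx" is a ZIP archive.
SIGNATURES = {
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
}
ENTROPY_THRESHOLD = 7.5  # assumed cutoff in bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def check_file(path: str, sample_size: int = 65536) -> str:
    """Return 'ok', 'mismatch', 'suspect-encrypted' or 'skipped'."""
    magic = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "skipped"  # not one of the watched formats
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if sample.startswith(magic):
        return "ok"
    # Header is gone: near-random bytes suggest encryption rather than
    # a truncated file or a wrong extension.
    if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
        return "suspect-encrypted"
    return "mismatch"


def scan_tree(root: str) -> dict:
    """Walk root and return {path: verdict} for every file that is not clean."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                verdict = check_file(full)
            except OSError:
                verdict = "unreadable"
            if verdict not in ("ok", "skipped"):
                findings[full] = verdict
    return findings
```

A flagged file is a triage lead rather than proof of encryption; compare it against the most recent backup copy before deciding what to restore.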
The Relec Ransomware is compatible with a diverse range of Windows environments and has an executable size of a negligible 250 kilobytes. While malware experts can only estimate its potential distribution strategies, threat actors often install file-locking Trojans by spamming e-mail attachments or phishing local server logins. Always have your anti-malware products scanning new files to delete the Relec Ransomware as soon as possible, and schedule regular backups to keep your media safe from attacks abusing cryptography that may not be breakable.
The Relec Ransomware's author appears to have high hopes about the potential of this Trojan, whose development plan boasts a flexible variety of low-footprint features. Whether it stays crippled or becomes upgraded to a more severe threat, your best protection from the Relec Ransomware is the combined strength of a rigorous backup schedule and dedicated security products.