Retis Ransomware

Posted: December 20, 2017

Threat Metric

Ranking: 18,626
Threat Level: 8/10
Infected PCs: 553
First Seen: November 20, 2022
Last Seen: September 7, 2023
OS(es) Affected: Windows

The Retis Ransomware is a Trojan written in C# that runs a background data-encrypting routine to block you from using different formats of media, such as text documents. Post-encryption symptoms of an infection include a hijacked desktop background image and new extensions on the locked content. Malware analysts recommend combining robust anti-malware protection, for removing the Retis Ransomware, with backups, for retrieving anything that it damages.

A Trojan that Aims at Small Targets for Big Damage

A threat actor who calls himself RETIS is preparing to launch a campaign of file-locking attacks and extortion for the unlocking solution, with its infection strategies currently unidentifiable. Although decoding the blocking methods of the available samples should be relatively straightforward, malware researchers can't promise that future builds of the Retis Ransomware will refrain from changing the cryptography protocols, which currently use a hard-coded key. Users will, as usual, require backups to guarantee the retrieval of everything that this threat might block.

The Retis Ransomware is a Windows-based application written in the C# programming language, and it attacks fewer than twenty formats of content. It also excludes the C drive, which may be a configuration choice made strictly for testing purposes. An uninterrupted Retis Ransomware infection locks text documents (DOC, DOCX, ONE, TXT and PDF), Excel spreadsheets (XLS and XLSX), PowerPoint presentations (PPT and PPTX) and pictures (JPG, JPEG and PNG). These restrictions could help the Retis Ransomware finish its attack more quickly than is typical and prevent a victim from identifying or interrupting it.

Although users can't open these files until they decrypt them again, they can recognize them from the new extensions the Retis Ransomware adds as signatures. Note that the Retis Ransomware shares its extension of '.crypted' with similar Trojans, such as the Nemucod Ransomware, the Masterlock@india.com Ransomware, and the ProposalCrypt Ransomware, although malware experts find no direct relationships between them.
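For triage after a suspected infection, the file types and the '.crypted' marker described above can be turned into a quick inventory of what needs restoring from backup. The script below is an added example, not code from the original article; it assumes the marker is appended after the original extension (for instance `report.docx.crypted`), and its function names and sample file names are constructed for illustration. Because other families use the same marker, a match indicates a locked file, not attribution to Retis.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Formats the article lists as targeted by the Retis Ransomware.
TARGETED = {"doc", "docx", "one", "txt", "pdf", "xls", "xlsx",
            "ppt", "pptx", "jpg", "jpeg", "png"}
MARKER = ".crypted"  # extension the article says the Trojan adds


def classify(name):
    """Return (status, inner_ext) for a file name.

    'targeted': ends in .crypted and the extension underneath is on the
    article's list. 'other': ends in .crypted but the inner extension is
    not listed (possibly another family using the same marker).
    (None, None): marker absent.
    Assumption: the marker is appended after the original extension.
    """
    lower = name.lower()
    if not lower.endswith(MARKER):
        return None, None
    inner = Path(lower[:-len(MARKER)]).suffix.lstrip(".")
    return ("targeted" if inner in TARGETED else "other"), inner


def inventory(root):
    """Walk root; return sorted (path, status) hits and per-type counts."""
    hits, counts = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            status, inner = classify(name)
            if status:
                hits.append((os.path.join(dirpath, name), status))
                counts[(status, inner)] += 1
    return sorted(hits), counts


if __name__ == "__main__":
    # Constructed sample tree so the example runs offline.
    with tempfile.TemporaryDirectory() as tmp:
        for n in ("report.docx.crypted", "scan.PNG.crypted",
                  "notes.txt", "tool.exe.crypted"):
            Path(tmp, n).touch()
        hits, counts = inventory(tmp)
        for path, status in hits:
            print(status, path)
        print(dict(counts))
```

Point `inventory()` at each non-system drive or share, since the article notes that current samples skip the C drive.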

Piracy Logos Spewing out Ransom Demands

The Retis Ransomware locks the user's desktop to an internal image, which is, so far, its only means of communicating its ransom demands. Besides identifying Retis as the author and displaying ASCII-based skull art, the Retis Ransomware's picture also instructs the victims, in French, to pay within twenty-four hours for the file-unlocking key. Since malware experts conclude that free decryption is highly possible with the Retis Ransomware's current release, any victims should consult a trusted cyber-security researcher for free alternatives before paying.

New versions of the Retis Ransomware may include a dynamically-created or secured key, which could block most efforts at a decryption solution. However, the people administering threats of the Retis Ransomware's classification usually prefer currencies that allow them to commit fraud at will, which makes having a previous backup the surest recovery choice for all users. Anti-malware programs should also delete the Retis Ransomware as soon as they identify the threat on your computer.

Retis may be hoping to make the most of a minimal infection duration on any given computer. Since the Retis Ransomware is careful to target file types that almost any user would possess and value, it goes to show that taking a small amount of time to back that media up is a good idea.