Roga Ransomware
Posted: December 23, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 93 |
| First Seen: | December 23, 2016 |
|---|---|
| OS(es) Affected: | Windows |
The Roga Ransomware is a Trojan that pretends to encrypt your files and may sell a decryption key or service to its victims for recovering the blocked data. These attacks are most remediable by restoring the content from an unaffected backup, although other methods of restoration also may be possible. Since this threat may hinder your accessibility to other software or security features, you should use dedicated anti-malware products to remove the Roga Ransomware before addressing any concerns about its damage to your files.
When It's Worth Disbelieving Threats from File Lockers
Re-branding is a rampant problem in the threat industry, with updates and re-releases of old threats making it difficult to identify the real origin of a threat. If traced successfully, however, that ancestry can provide invaluable information, as malware experts are finding with the Roga Ransomware, the new version of the Free-Freedom Ransomware. Although both Trojans try to pass off their attacks as being file-encrypting lock-downs, their actual payloads involve modifying with file permissions settings.
When it executes, the Roga Ransomware may change the permissions of data formats, such as documents, or specific directories, to forbid the logged-in user from opening or modifying them. The Roga Ransomware also includes an updated HTA pop-up alert that, like the Free-Freedom Ransomware, misrepresents its attack as being a file-encrypting one. The Web infrastructure the Roga Ransomware provides for 'decrypting' the victim's content is down currently, leading malware experts to estimate that the Trojan's campaign still is in development.
The Roga Ransomware also has a new feature that may help identify any affected content: it appends the '.madebyadam' extension to the fake-encrypted filenames. Since they can be useful for sorting content that the Trojan attacks from other data, malware experts don't recommend removing these extensions before taking other, more relevant data recovery steps.
A Password to Escape from Adam
Surprisingly, the Roga Ransomware's author hasn't covered the most obvious vulnerability of the Free-Freedom Ransomware: the use of a hard-coded password. Entering 'adamdude9' will remove the pop-up window and launch the 'decryption' process, which fails. Since this threat doesn't use legitimate encrypting features in the first place, PC users should attempt other data recovery options, such as recovering from a backup or reversing any permissions changes to their individual files.
The Roga Ransomware continues seeing high rates of avoiding major brands of AV solutions successfully. Always keep your anti-malware products updated to help them identify newly-released threats. Its campaign is targeting English speakers and may be focusing on Britain, based on the ransom payment preferences of the previous Trojan in its line of ancestry. Ideally, active anti-malware protection can detect and delete the Roga Ransomware before it finishes installing itself and locking your files.
Although the faces and names of threat campaigns change even more quickly than the weather, the threat actors responsible for them may be consistent. The Roga Ransomware and the Free-Freedom Ransomware both use the fear of data encryption to solicit the same ransom-based profits as real file-enciphering Trojans, making them problems for anyone who believes what pop-ups say without question.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.