Runsomewere Ransomware

Posted: November 25, 2016
Threat Metric
Threat Level: 8/10
Infected PCs 9

Runsomewere Ransomware Description

The Runsomewere Ransomware is a Trojan using code borrowed from the open source Hidden Tear and EDA2 projects. Its central features include hijacking your desktop with movie imagery, encrypting your files, and generating messages for ransom payments. Paying these illicit fees may not recover your data, and malware researchers most usually encourage restoring it through backups, along with stopping the Runsomewere Ransomware with any preferred anti-malware products.

A Familiar Face in File-Encrypting Attacks

Television and cinema are popular wellsprings of branding for con artists to graft onto their threat campaigns. One of the most notorious attempt at such brand embellishment is the abuse of the 'Saw' movie's puppet mascot for delivering extortion messages in the Jigsaw Ransomware campaign. After months, malware experts now see a new threat using the same type of imagery: the Runsomewere Ransomware.

Both of these threats share their core traits of using file-encrypting attacks to create a possible money-extorting scenario on your PC. The Runsomewere Ransomware has a confirmed family basing itself on Hidden Tear and EDA2 and continues using the project's traditional, AES-based encryption method. The encryption process may or may not include an additional feature for modifying the file name, such as by creating a new extension, although such changes are cosmetic in nature strictly. Either way, the encrypted content can't open or be read until after a specialized decryptor decodes it.

The Runsomewere Ransomware completes its payload by resetting the Windows desktop image to its provided 'Jigsaw' picture, with the apparent intent of scaring the victim into paying its ransom. Malware experts haven't acquired enough samples to determine patterns in the extortion payment side of the Runsomewere Ransomware's campaign, but most threats of its category prefer Bitcoin transactions starting at over a hundred USD.

Helping Your Hard Drive Escape an Information Death Trap

The Runsomewere Ransomware is showing none of the additional proclivities that made the first Jigsaw Ransomware so infamous currently, such as deleting your files periodically (in addition to any encryption). Despite being a lesser threat, by comparison, the Runsomewere Ransomware does represent potentially irrecoverable file damage that can destroy documents, pictures, spreadsheets, and other media that it finds on any local, network-mapped or removable drives. Observing a proper backup strategy is highly effective at limiting digital ransom attempts like the Runsomewere Ransomware's payload.

While malware researchers have yet to confirm the Runsomewere Ransomware's infection methods, most file-encrypting Trojans prefer dissemination via e-mail campaigns. In other instances, threat actors may install the Runsomewere Ransomware by hacking weakly password-protected RDP accounts or using exploit kits that they insert onto hostile websites. Active anti-malware protection can detect most of these vulnerabilities and remove the Runsomewere Ransomware before any irrecoverable harm occurs.

The Runsomewere Ransomware is hiding its attacks behind an old mask, but equally well-aged anti-malware and PC security strategies are just as valid as always for keeping this threat under control.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Runsomewere Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Runsomewere Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.