Rush/Sanction Ransomware
Posted: March 22, 2016
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 84 |
First Seen: | March 22, 2016 |
---|---|
OS(es) Affected: | Windows |
The Sanction Ransomware is a Trojan that encrypts your personal or work-related data and asks for Bitcoin payments for undoing the encryption. Since there are no free decryptors currently available for the Sanction Ransomware, malware experts emphasize the proper usage of backups for limiting any damages its payload might cause. Whether or not you can restore any information impacted by its attacks, you shouldn't hesitate to remove the Sanction Ransomware with anti-malware software, like any similar, equally high-level threat.
The Trojan Sanctioning Taking Your Files Away from You
Con artists have shown various degrees of interest in different methods of collecting money from victims affected by their threats. In the simplest of circumstances, a Trojan may cause some form of damage to your PC, and change file names to promote an e-mail address through which negotiations can take place. Other threats, like the Sanction Ransomware, prefer offering a more sophisticated means of ransom demands, with interactive pop-up windows and advanced UI components.
However well thought out its ransom collection method may be, the Sanction Ransomware still is reliant on typical file encrypting attacks for providing an original incentive for its victims to pay. The Sanction Ransomware targets non-critical files on your hard drive, such as images, audio files, spreadsheets or Microsoft Office documents. The Sanction Ransomware then runs them through an encryption routine, similar to that used by a file compressor (like WinZip). Unlike legitimate file encryptors, the Sanction Ransomware doesn't offer the PC user a free means of restoring their data to the original format. Instead, they're asked to pay a Bitcoin ransom (currently over a thousand USD in value) for getting the decryption service from the Sanction Ransomware's authors.
In comparison to other, equally threatening file encryptors, malware experts see the Sanction Ransomware emphasizing ease of use for its ransom payments. Its ransom message, an HTML pop-up, includes various fields for helping facilitate the ransom transaction process, culminating in a 'click to send decryption request' button. The accessibility of this process could lead more victims than usual into paying the Sanction Ransomware, although there still is a significant chance that con artists may collect the money without decrypting the data.
Preventing Bitcoin from Being a Sanctuary for Encryptor-Based Ransoms
Despite placing its victims under a strict time limit before supposedly deleting its decryption key, the Sanction Ransomware puts your information at risk without guaranteeing that the Sanction Ransomware can provide any services related to undoing its attacks. Until experts in the PC security industry distribute a free decryptor for this threat, malware experts place the most emphasis on using backups that can make the possibility of decrypting any files moot. Backups kept on habitually disconnected, removable drives, or cloud storage accounts, rarely are targets of attacks by file encryptors like the Sanction Ransomware. However, local backups and backups through easily-accessed network-shared drives may be vulnerable to encryption or deletion.
Most file encryptors prefer using e-mail-based infection vectors. Your anti-malware products can scan attachments accompanying new messages that may be capable of installing the Sanction Ransomware with a concealed Trojan dropper or exploit. In other circumstances, browser-based security features may be needed for blocking threatening Web content that could compromise your PC. Infection methods aside, you always should prioritize deleting the Sanction Ransomware with proper security software before restoring any encrypted files.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.