Rush/Sanction Ransomware

Posted: March 22, 2016
Threat Metric
Threat Level: 10/10
Infected PCs 84

Rush/Sanction Ransomware Description


The Sanction Ransomware is a Trojan that encrypts your personal or work-related data and asks for Bitcoin payments for undoing the encryption. Since there are no free decryptors currently available for the Sanction Ransomware, malware experts emphasize the proper usage of backups for limiting any damages its payload might cause. Whether or not you can restore any information impacted by its attacks, you shouldn't hesitate to remove the Sanction Ransomware with anti-malware software, like any similar, equally high-level threat.

The Trojan Sanctioning Taking Your Files Away from You

Con artists have shown various degrees of interest in different methods of collecting money from victims affected by their threats. In the simplest of circumstances, a Trojan may cause some form of damage to your PC, and change file names to promote an e-mail address through which negotiations can take place. Other threats, like the Sanction Ransomware, prefer offering a more sophisticated means of ransom demands, with interactive pop-up windows and advanced UI components.

However well thought out its ransom collection method may be, the Sanction Ransomware still is reliant on typical file encrypting attacks for providing an original incentive for its victims to pay. The Sanction Ransomware targets non-critical files on your hard drive, such as images, audio files, spreadsheets or Microsoft Office documents. The Sanction Ransomware then runs them through an encryption routine, similar to that used by a file compressor (like WinZip). Unlike legitimate file encryptors, the Sanction Ransomware doesn't offer the PC user a free means of restoring their data to the original format. Instead, they're asked to pay a Bitcoin ransom (currently over a thousand USD in value) for getting the decryption service from the Sanction Ransomware's authors.

In comparison to other, equally threatening file encryptors, malware experts see the Sanction Ransomware emphasizing ease of use for its ransom payments. Its ransom message, an HTML pop-up, includes various fields for helping facilitate the ransom transaction process, culminating in a 'click to send decryption request' button. The accessibility of this process could lead more victims than usual into paying the Sanction Ransomware, although there still is a significant chance that con artists may collect the money without decrypting the data.

Preventing Bitcoin from Being a Sanctuary for Encryptor-Based Ransoms

Despite placing its victims under a strict time limit before supposedly deleting its decryption key, the Sanction Ransomware puts your information at risk without guaranteeing that the Sanction Ransomware can provide any services related to undoing its attacks. Until experts in the PC security industry distribute a free decryptor for this threat, malware experts place the most emphasis on using backups that can make the possibility of decrypting any files moot. Backups kept on habitually disconnected, removable drives, or cloud storage accounts, rarely are targets of attacks by file encryptors like the Sanction Ransomware. However, local backups and backups through easily-accessed network-shared drives may be vulnerable to encryption or deletion.

Most file encryptors prefer using e-mail-based infection vectors. Your anti-malware products can scan attachments accompanying new messages that may be capable of installing the Sanction Ransomware with a concealed Trojan dropper or exploit. In other circumstances, browser-based security features may be needed for blocking threatening Web content that could compromise your PC. Infection methods aside, you always should prioritize deleting the Sanction Ransomware with proper security software before restoring any encrypted files.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Rush/Sanction Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Rush/Sanction Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.