
Sadly Ransomware

Posted: August 31, 2017

Threat Metric

Ranking: 12,492
Threat Level: 10/10
Infected PCs: 330
First Seen: September 1, 2017
Last Seen: October 3, 2023
OS(es) Affected: Windows

The Sadly Ransomware is an update of the RanRans Ransomware from the Hidden Tear family. Current builds of this threat include bugs that prevent its payload from working as intended. However, future revisions could enable the Sadly Ransomware to block files on your PC permanently by encrypting them. Backing up your media can eliminate the potential bargaining leverage this Trojan could use for extorting money from you, and a variety of anti-malware products can uninstall the Sadly Ransomware or block its installation routine safely.

The RanRans Ransomware Ran Away from Good Coding Practices

Spring of 2017 became a time of rebirth for one variant of Hidden Tear, which began campaigns for encrypting data and extorting money afterward through Trojans like the BlackRose Ransomware and the RanRans Ransomware. Although malware experts see limited evidence of updates between then and now, that appears to be changing with the Sadly Ransomware, a new spin-off of these Trojans. Since its code is buggier than that of previous threats of the same sub-family, its appearance may be the work of a third-party threat actor instead of the original developer.

The Sadly Ransomware infections may attack popularly-used types of media, such as Word documents or Bitmap pictures, by trying to encrypt them with the Rijndael (AES) algorithm. Areas at risk include the contents of the user's Documents or Downloads folders along with desktop shortcuts. However, thanks to an invalid argument reference in the code, all samples of the Sadly Ransomware so far available to malware experts crash during their attempted encryption routine.
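As an added defender-side example (not code from this write-up or from the malware itself), the check below walks user folders and flags Word documents or bitmaps whose file headers no longer match their extensions, which is what an AES/Rijndael rewrite of a file's contents leaves behind; the folder path and sample files are constructed for illustration.

```python
import os
import tempfile

# File types named in the write-up: Word documents and bitmap images. Expected
# leading bytes ("magic") per extension; an encrypted file keeps its name, but
# its header no longer matches what the extension promises.
MAGIC = {
    ".docx": b"PK\x03\x04",          # OOXML documents are ZIP containers
    ".doc": b"\xd0\xcf\x11\xe0",     # legacy Word: OLE compound file
    ".bmp": b"BM",                   # Windows bitmap
}

def header_matches(path: str) -> bool:
    """True if the file's leading bytes match what its extension promises."""
    ext = os.path.splitext(path)[1].lower()
    expected = MAGIC.get(ext)
    if expected is None:
        return True  # not a tracked type, nothing to compare against
    with open(path, "rb") as fh:
        return fh.read(len(expected)) == expected

def scan_user_folders(folders) -> list:
    """Return paths of tracked document/image files whose headers look wrong,
    the trace a Hidden Tear-style AES pass leaves in Documents, Downloads or
    on the desktop (pass those real folder paths when using this on a host)."""
    suspicious = []
    for folder in folders:
        for root, _, files in os.walk(folder):
            for name in files:
                full = os.path.join(root, name)
                if os.path.splitext(name)[1].lower() in MAGIC and not header_matches(full):
                    suspicious.append(full)
    return sorted(suspicious)

def demo() -> list:
    """Constructed sample folder (an assumption, not real victim data): one
    intact bitmap and one document overwritten with ciphertext-like bytes."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "photo.bmp"), "wb") as fh:
        fh.write(b"BM" + bytes(54) + b"\x00\x80\xff" * 2000)  # flat-colour bitmap
    with open(os.path.join(tmp, "notes.docx"), "wb") as fh:
        # Deterministic stand-in for encrypted content; no ZIP header survives.
        fh.write(bytes((i * 131 + 17) & 0xFF for i in range(4096)))
    return [os.path.basename(p) for p in scan_user_folders([tmp])]

if __name__ == "__main__":
    print(demo())  # ['notes.docx']
```

A genuine scan should run against a known-good baseline, since a legitimately damaged download would trip the same check.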

This Trojan also has a ransom-delivering component that's meant to solicit payments in exchange for the decryption service that the victim may or may not need for unlocking the above files. The threat actor is demanding an unspecified amount of money within sixty hours before claiming to delete the decryption key automatically. These attacks usually specify currencies with limited refund policies for the buyer, and victims should consider all alternate means of data restoration before paying for a code that the threat actor might not provide.

Keeping Sadness out of Your Files

Even though the Sadly Ransomware is an imperfect, glitched product with a payload that doesn't fully encrypt your PC's media, file-encrypting Trojans often receive updates that improve their attack features. At best, the Sadly Ransomware may crash before it can block any content of value on the PC. For users not interested in taking that risk, malware experts find backups to be the most stable and efficient solution for protecting documents, pictures, and other, often-attacked formats of data from file-encrypting threats.

The Sadly Ransomware is far from finished and has yet to provide any clear signals of its future distribution patterns. Con artists may attach installation exploits for this threat to spammed email messages, install the Trojan after brute-forcing access to a system, or bundle it in widely-distributed downloads through torrents. On the other hand, the Hidden Tear family has very little protection from detection by most security software, and any qualified anti-malware program should delete the Sadly Ransomware without needing any additional assistance.

The Sadly Ransomware's lapse of good programming practices is more concerning for its threat actor's profit margins than it is a sign of safety for anyone whom it might attack. A bug-riddled Trojan isn't necessarily a toothless one, and even bad encryption is a legitimate way of blocking a file indefinitely.
