
Sanctions Ransomware

Posted: April 4, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 9
First Seen: April 4, 2017
Last Seen: November 24, 2022
OS(es) Affected: Windows

The Sanctions Ransomware is a Trojan (not directly related to the similarly named Sanction Ransomware) that encrypts your files and loads a Web page-based ransom message. Threat actors distribute these Trojans to sell a decryption service for unlocking the victim's encrypted data, although the decryptor they sell may not be legitimate or functional. Besides keeping backups of your files out of the Sanctions Ransomware's reach, you can protect your PC by having anti-malware tools remove the Sanctions Ransomware as soon as they detect it.

A Russian Bear Eyeing Your Files Hungrily

Con artists running file-encrypting campaigns are maintaining their investments in easy-to-use, Web-based ransoming techniques that beguile victims into paying money on blind faith. The Sanctions Ransomware is a new threat that uses just such methods of coercion while it simultaneously locks your files with a cipher. Although some of the Sanctions Ransomware's symptoms are highly similar to those of the Dharma Ransomware family, malware analysts judge the two threats to be technically unconnected.

Once again, the usual combination of AES and RSA-based enciphering algorithms is in use for encrypting and blocking the files on your PC. The Sanctions Ransomware also appends the '.wallet' extension, which is also seen in use by other Trojan families, to help the victim determine which files it has locked. The Sanctions Ransomware's secondary symptom is the placement of a local Web page on either the desktop or in the same directory as any encrypted content.
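A small triage helper for the two file-system traces described above, added here as an example and not taken from the original article: it walks a directory tree, lists files carrying the '.wallet' extension (recovering their original names) and flags any local HTML page dropped beside them. The ransom note's file name and the sample tree are constructed for the demonstration; the page does not give the note's real name.

```python
"""Triage helper for the '.wallet' extension and the HTML ransom note.

Added example, not code from the original article. The sample tree is
constructed in a temporary directory so the script runs offline.
"""
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".wallet"          # extension the article reports
NOTE_SUFFIXES = {".html", ".htm"}     # the ransom note is a local Web page


def triage_tree(root):
    """Walk `root` and return {relative dir: {"encrypted": [...], "notes": [...]}}
    for every directory holding at least one '.wallet' file.
    'encrypted' lists the original names with the appended suffix stripped."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f[:-len(ENCRYPTED_SUFFIX)]
                           for f in files if f.endswith(ENCRYPTED_SUFFIX))
        if not encrypted:
            continue
        notes = sorted(f for f in files
                       if Path(f).suffix.lower() in NOTE_SUFFIXES)
        report[os.path.relpath(dirpath, root)] = {
            "encrypted": encrypted, "notes": notes}
    return report


def build_sample_tree():
    """Constructed sample: one hit directory, one clean directory."""
    root = tempfile.mkdtemp(prefix="sanctions_triage_")
    docs = Path(root, "Documents")
    docs.mkdir()
    for name in ("budget.xlsx.wallet", "memo.docx.wallet", "readme.txt"):
        (docs / name).write_text("x")
    # Placeholder note name: the real file name is not given in the article.
    (docs / "HOW_TO_DECRYPT.html").write_text("<html>ID: placeholder</html>")
    clean = Path(root, "Pictures")
    clean.mkdir()
    (clean / "cat.jpg").write_text("x")
    return root


if __name__ == "__main__":
    for directory, info in triage_tree(build_sample_tree()).items():
        print(directory, info)
```

Point the walker at a user's profile or a mapped share to get a quick per-directory picture of what was hit before deciding on restore-from-backup.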

Malware analysts haven't seen the Sanctions Ransomware's Web page in other file-enciphering campaigns, but it does reuse much of the formatting of older attacks. Its most high-visibility element is an image criticizing the US sanctions against Russia (although the text is entirely in English). The page also displays a unique ID number, an explanation of the encryption attack and a warning to pay Bitcoins within a time limit or lose your locked media. The Sanctions Ransomware offers the unusually generous limit of six days, possibly to offset the equally unheard-of ransom demand: six Bitcoins (roughly 6,500 USD).

Issuing the Only Sanctions that Work against Threats

The Sanctions Ransomware's threat actors are using the third-party service Satoshibox.com to monetize the decryptor's download instead of hosting an independent server. This change in hosting strategy could help the con artists update the Trojan campaign's payment methods to avoid interference from law enforcement or hosting companies. At the moment, the Sanctions Ransomware is too new for malware analysts to verify whether or not any encrypted content is retrievable without taking the gamble of paying the ransom.

Restoring your encrypted files from a backup that the Sanctions Ransomware hasn't attacked is the least time-consuming and most dependable recovery option. For victims without backups, quarantining all threats with anti-malware products and seeking assistance from trusted entities in the anti-malware industry could provide a free decryption solution. Blocking the Trojan's installation by deleting the Sanctions Ransomware automatically with your anti-malware software upon its introduction to your system is highly recommended, as with any threats that can induce permanent data loss.

Malware experts emphasize that Trojans with very high ransoms, such as the Sanctions Ransomware, usually are in distribution in limited quantities against high-value targets such as entities in the business sector or branches of the government. Having employees who fail to follow basic network security guidelines is, increasingly, a mistake that may be too costly for anyone to afford.
