Schwerer Ransomware
Posted: April 20, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 9 |
| First Seen | April 20, 2017 |
| Last Seen | January 9, 2019 |
| OS(es) Affected | Windows |
The Schwerer Ransomware is an AutoIt-based Trojan that encrypts your files to hold them for ransom. Paying the ransom is not a guaranteed recovery option and may motivate further development of this Trojan. Malware experts recommend recovering any locked data through other, no-cost strategies. In all cases, you should try to catch and delete the Schwerer Ransomware with an appropriate anti-malware product before it compromises your PC.
A Threatening Microorganism Evolves in the World of Macros
In the cases malware experts most often see, AutoIt is notable for the macro-based abuse that Trojans use to install other, more sophisticated threats with limited or no consent. Some threat actors take this scripting platform further, however, building in functions as involved as enciphering files and launching pop-ups. The Schwerer Ransomware is the newest member of this minority of file-encrypting AutoIt Trojans.
The Schwerer Ransomware is verifiably an independent program and does not descend from older families such as Utku Sen's Hidden Tear. It uses AES-based encryption, but without the customary pairing with RSA that other ransomware uses to keep independent security analysts from decrypting the results of its payload. Its most essential function is locking files with that cipher, preventing the user from opening content ranging from documents and Web pages to pictures and audio.
The Schwerer Ransomware's other symptom of note is its pop-up window, which its threat actors use to deliver their ransom demand for the decryption key. The interactive form includes a field for the victim's customized ID number, a counter of encrypted files, and a built-in decryptor with a key-entry field. While the Schwerer Ransomware's authors request Bitcoin payments, that part of the transaction is not built into the Schwerer Ransomware's message and requires further negotiation over e-mail.
What's Cheaper than 150 Euros for Your Files
The Schwerer Ransomware's name is German, but its ransom demands are entirely in English. Grammatical errors within the pop-up suggest that the Schwerer Ransomware's authors chose English with the help of an automatic translation tool, so as to reach victims across a wide geographical area. Also significant is the Schwerer Ransomware's use of the Euro symbol, a clear indication of which regions the campaign's infection vectors are targeting.
Malware experts are disinclined to recommend paying any ransom the Schwerer Ransomware demands in exchange for decrypting your files. ESET security researchers host a decryption tool that can decode any content this Trojan damages without costing Bitcoins or any other payment. Backups also are invaluable for recovering from all threats of this type without data loss, whether before or after removing the Schwerer Ransomware with the anti-malware tools of your choosing.
The Schwerer Ransomware is a simplistic, script-based threat of under one megabyte in size, but it is compatible with most versions of Windows. Even small downloads can bring large problems for those who do not check for potential dangers or keep spare copies of their files for worst-case situations.
Technical Details
File System Modifications
The following files were created in the system:
File name: file.exe
Size: 620.03 KB (620032 bytes)
MD5: 3400d0f64623b161fd211c0044557af8
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: April 21, 2017
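As an added defensive example (not part of the original write-up), the file indicators listed above can be checked against a directory tree: the byte size is used as a cheap pre-filter so that only size matches are read and hashed. The hash and size are the values from the file details; the root directory is whatever the analyst passes in.

```python
import hashlib
import os
from pathlib import Path

# Indicators taken from the file details above (file.exe, 620032 bytes).
SCHWERER_MD5 = "3400d0f64623b161fd211c0044557af8"
SCHWERER_SIZE = 620032
SCHWERER_INDICATORS = {SCHWERER_SIZE: {SCHWERER_MD5}}


def md5_of_file(path, chunk_size=1 << 16):
    """Stream the file through MD5 so large files need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_tree(root, indicators):
    """Return paths under `root` whose size and MD5 match an indicator.

    `indicators` maps byte size -> set of lowercase MD5 hex digests. Files whose
    size matches no indicator are skipped without being read, which keeps a
    sweep over a large volume cheap; only size matches are hashed and compared.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                size = path.stat().st_size
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the sweep
            wanted = indicators.get(size)
            if not wanted:
                continue
            try:
                if md5_of_file(path) in wanted:
                    hits.append(str(path))
            except OSError:
                continue
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(root, SCHWERER_INDICATORS):
        print(f"indicator match: {hit}")
```

A hash match identifies only this exact sample; variants with a different build will not match and still need a signature-based or behavioural check.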