'Seven_legion@aol.com' Ransomware
Posted: August 26, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 30 |
| First Seen: | August 26, 2016 |
| OS(es) Affected: | Windows |
The 'Seven_legion@aol.com' Ransomware is a Trojan that renames and encrypts your files while demanding ransom fees for returning them to their original formats. These transactions are highly unlikely to restore your data, and, as a rule, malware experts suggest that you use other strategies for protecting any essential digital content. Remove the 'Seven_legion@aol.com' Ransomware like any other Trojan, by applying your anti-malware software, and then recover your data by any means required afterward.
A Roman Army of Con Artists
The CrySiS construction kit for file encryption malware is responsible for almost numberless Trojan campaigns. Within these many infection scenarios, most of the individuals managing new releases of CrySiS-based Trojans like the Malevich Ransomware put up a pretense of upholding their end of any transactions. However, the 'Seven_legion@aol.com' Ransomware (and a rotation of other Trojans seemingly managed by the same threat actors) shows one of the worst possibilities of a file encryption attack: paying for your data and receiving nothing in return.
The 'Seven_legion@aol.com' Ransomware, the 'Legioner_seven@aol.com' Ransomware, and other threats in this close group continue leveraging similar encryption attacks using both the AES (for the initial encryption of your data) and the RSA (for protecting the generated key) algorithms. The 'Seven_legion@aol.com' Ransomware gives no notification or symptoms during these attacks, which search your hard drives for content according to preferred formats (of which malware experts can confirm DOC, JPG and PDF).
Afterward, any concerned PC operators can identify any encrypted content by the Trojan's renaming modifications. The renaming convention consists of a new extension and other information related to the Trojan, including, most pertinently, the e-mail address for the extortion communications.
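Because the renamed files carry the contact e-mail address in their names, an inventory of affected content can be built from file names alone. The following Python sketch is an added example, not code from this page or from any vendor tool: it tallies names that embed an address, marks the two addresses named above as known, and groups hits by the formats the page confirms as targeted. The exact layout of a renamed file is not given on the page, so the sample names and the `.newext` suffix are constructed placeholders.

```python
import os
import re
from collections import Counter, defaultdict

# Contact addresses named on this page; compared case-insensitively.
KNOWN_CONTACTS = {"seven_legion@aol.com", "legioner_seven@aol.com"}
# File formats the page confirms as targeted.
CONFIRMED_FORMATS = {"doc", "jpg", "pdf"}
# Heuristic: an e-mail-like token inside a file name. Dots are excluded from
# the local part so a preceding "name.ext." is not swallowed by the match.
EMAIL_TOKEN = re.compile(r"[\w%+-]+@[A-Za-z0-9-]+\.[A-Za-z]{2,}")


def classify(filename):
    """Return (address, status, original_format), or None if no address is embedded."""
    match = EMAIL_TOKEN.search(filename)
    if match is None:
        return None
    address = match.group(0).lower()
    status = "known" if address in KNOWN_CONTACTS else "review"
    # Look for a confirmed format among the dotted parts before the address.
    parts = filename[:match.start()].lower().split(".")[1:]
    original = next((p for p in parts if p in CONFIRMED_FORMATS), "other")
    return address, status, original


def summarize(filenames):
    """Tally renamed files per embedded address and per original format."""
    tally = defaultdict(Counter)
    for name in filenames:
        hit = classify(os.path.basename(name))
        if hit:
            address, status, original = hit
            tally[(address, status)][original] += 1
    return {key: dict(counts) for key, counts in tally.items()}


def scan_tree(root):
    """Summarize every file name under root (read-only; contents are never opened)."""
    names = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    return summarize(names)


if __name__ == "__main__":
    # Constructed sample names; the layout of real renamed files may differ.
    sample = ["report.doc.Seven_legion@aol.com.newext", "photo.jpg", "notes.txt"]
    print(summarize(sample))
```

Names reported with the `review` status embed an address that is not in the known set and need a manual look, since ordinary files can also contain an e-mail address in their names.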
The 'Seven_legion@aol.com' Ransomware's administrators have a consistent history of refusing to provide a decryptor, but only after requesting money and pretending to provide a downloadable solution. To avoid the negative implications to their bottom line, they appear to be rotating through different e-mail addresses and variants of CrySiS Trojans, allowing them to continue receiving ransoms without revealing their unwillingness to return anything.
Routing the Trojan Army that's Afraid of Its Reputation
The choice of e-mail contacts favored by the 'Seven_legion@aol.com' Ransomware and its relatives is ironic, since, despite being Roman military-themed, its operators engage in subterfuge and avoid confronting their victims with anything less than a high level of deceit. CrySiS-based Trojans have limited opportunities for free decryption, and the refusal of the 'Seven_legion@aol.com' Ransomware's administrators to cooperate may make any encrypted content truly unrecoverable.
That danger, which is present in lesser amounts in all file encryption Trojans, is why malware researchers always encourage using backups for your data preservation. Duplicate copies make it needless to break the 'Seven_legion@aol.com' Ransomware's cipher, making the supposedly invaluable decryption key just as worthless as the word of the 'Seven_legion@aol.com' Ransomware's administrators. Some PC users may also find value in attempting standard recovery options, such as System Restore, in cases where the 'Seven_legion@aol.com' Ransomware fails to delete local backup data.
Russia and adjacent nations are at the highest risk of suffering further incursions from the 'Seven_legion@aol.com' Ransomware's campaign. However, all PC owners can benefit from keeping a good backup, or a good anti-malware program that can uninstall the 'Seven_legion@aol.com' Ransomware in a worst-case situation.