Shark Ransomware
Posted: August 16, 2016
Threat Metric
| Threat Level: | 10/10 |
|---|---|
| Infected PCs: | 62 |
| First Seen: | August 16, 2016 |
| OS(es) Affected: | Windows |
The Shark Ransomware is a Trojan that encrypts various files on your PC (determinable by a customized configuration menu) and displays a ransom message requesting both an e-mail address and a Bitcoin payment. While paying may or may not provide a decryption service, malware experts always recommend keeping backups that can prevent the Shark Ransomware from doing any irrecoverable file damage. You can identify this threat by the symptoms in this article and use appropriate anti-malware solutions for removing the Shark Ransomware safely.
The Surprise Waiting Beneath Cyber-Sea
Con artists interested in using software to harm others always outnumber those with the skills required to create this harmful software from scratch. However, a recurring characteristic of the threat industry is its capacity for delivering these tools to potentially incompetent hands, such as the rental model espoused by the Shark Ransomware. The Shark Ransomware is one of the few threatening file encryption kits malware experts have seen that require no programming knowledge at all.
Unlike most black market products, the Shark Ransomware's business currently uses WordPress hosting, rather than a TOR-based anonymous domain, to promote its free program downloads to potential distributors. Con artists can download the Shark Ransomware for free and then use a configuration file to set several values, including which files are encrypted in various locations, as well as what languages its ransom note uses and the size of the payment. The same download also includes the executable half of the Shark Ransomware that con artists distribute to the victim by whatever method they prefer.
This second executable encrypts the data on the infected PC, abiding by the settings noted in its configuration file. Malware experts also saw the Shark Ransomware adding the '.locked' extension to enciphered data, which does not appear to be configurable and, therefore, serves as one way of identifying the threat. However, this attribute is one that the Shark Ransomware does share with several other families of file encryption Trojans.
Once it encrypts and thereby blocks all targeted content, the Shark Ransomware then launches another executable component that loads a pop-up. This window displays the Shark Ransomware's ransom message and a request for an e-mail address, after which it demands a Bitcoin payment for its decryption service.
Keeping a Digital Predator from Preying on Your Computer
The Shark Ransomware is a particularly accessible Trojan that any remote attacker could use with no more knowledge than the address of its downloadable installer. Although malware researchers and others within the industry are investigating possible weaknesses in the Shark Ransomware's encryption method, it is still a new threat and currently has no public decryptor available. Protecting your data beforehand, such as keeping a backup on a removable drive, is the defense most likely to keep the Shark Ransomware from doing irreversible damage.
Shark Ransomware infections show highly visible symptoms. Because of its configuration options, the location or format of the encrypted content may vary. However, you can always identify encrypted information by searching for the '.locked' extension. Victims also may look for a database that the Shark Ransomware includes in its installation (found at %UserProfile%\AppData\Roaming\Settings\files.ini), which lists all enciphered content by name.
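The two indicators above can be checked together, which matters because the '.locked' extension alone is shared with other families. The following read-only triage script is an added example, not part of the original article or any vendor tool; it assumes files.ini is a text file that mentions each file by name (its exact layout is not documented here), and the function names are hypothetical.

```python
import os
from pathlib import Path

# Indicators taken from the article; nothing else is assumed about the Trojan.
LOCKED_EXT = ".locked"
MANIFEST_REL = Path("AppData") / "Roaming" / "Settings" / "files.ini"

def find_locked(root):
    """Return every file under root whose name ends in .locked (case-insensitive)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            if name.lower().endswith(LOCKED_EXT):
                hits.append(Path(dirpath) / name)
    return sorted(hits)

def triage(profile):
    """Correlate .locked files under a user profile with the files.ini manifest."""
    profile = Path(profile)
    manifest = profile / MANIFEST_REL
    has_manifest = manifest.is_file()
    # Assumption: the manifest is text and mentions each file by name, so only
    # substring matching on the name (with and without .locked) is attempted.
    text = manifest.read_text(errors="replace").lower() if has_manifest else ""
    listed, unlisted = [], []
    for path in find_locked(profile):
        name = path.name.lower()
        original = name[: -len(LOCKED_EXT)]
        hit = bool(text) and (name in text or bool(original and original in text))
        (listed if hit else unlisted).append(path)
    if has_manifest and (listed or unlisted):
        verdict = "consistent with Shark"
    elif listed or unlisted:
        verdict = ".locked only: family not confirmed"
    elif has_manifest:
        verdict = "manifest only: investigate"
    else:
        verdict = "no indicators"
    return {"manifest": has_manifest, "listed": listed,
            "unlisted": unlisted, "verdict": verdict}

if __name__ == "__main__":
    report = triage(Path.home())  # read-only scan of the current user profile
    print(report["verdict"])
    for p in report["listed"] + report["unlisted"]:
        print(p)
```

Files reported as unlisted are worth a second look: they may have been encrypted outside the scanned profile's manifest or by a different '.locked' family.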
Use your anti-malware tools for removing the Shark Ransomware, which includes misleadingly-named components in different locations of your hard drive. As long as predators like the Shark Ransomware make themselves available to third parties easily, PC owners will need to protect themselves from all possible infection vectors, including routes as different as e-mail attachments, fake software updates and misnamed torrents.