
Silvertor Ransomware

Posted: August 5, 2020

The Silvertor Ransomware is a file-locking Trojan that's independent of traditional Ransomware-as-a-Service operations and other threat families. However, like most of them, it blocks the user's media by encrypting it to extort Bitcoins for an unlocking solution. Unaffected backups are currently the best solution to this threat's attacks, besides safely removing the Silvertor Ransomware with compatible anti-malware products.

Programs Throttling Your Files for Some Pieces of Silver

It's not for nothing that Ransomware-as-a-Service operations, with their risk-offloaded business model, exercise a heavy hand on the file-locking Trojan industry. This threat landscape also has room for independent operatives, though, and the Silvertor Ransomware is a suitable demonstration. This Windows Trojan leverages traditional, encryption-based attacks for turning its victims' distress into Bitcoins, but with some extra bells and whistles.

The Silvertor Ransomware is a little larger than most file-locking Trojans, at just over two megabytes, and is circulating with the highly unusual name of 'twitter_can_demo.' Malware researchers have yet to establish whether or not the Silvertor Ransomware uses Twitter messages as its circulation platform, but social network-based tactics aren't uncommon among independent Trojans. The Silvertor Ransomware isn't highly sophisticated but uses a living-off-the-land approach that abuses default Windows tools like CMD and PowerShell in its payload.

The encryption that the Silvertor Ransomware uses has no known decryption solution or other means of reversal and can lock most types of personal or work-related media content, such as documents, images, audio, and archives. The ransom note that the Silvertor Ransomware leaves afterward, in a Web page format, gives a deadline with a warning about further damage to the user's files and a request for 250 USD in Bitcoin. To date, its wallet has no transactions matching the ransom.

Depriving Threat Actors of Cherished Elusiveness

Besides being a non-familial Trojan in an industry that's increasingly dominated by families, the Silvertor Ransomware has another detail that makes its campaign noteworthy. Its e-mail address has connections to an Indian domain-based anonymity service with historical issues concerning cryptocurrency fraud. There is always a chance of the usage being a coincidence. Still, it further points to the risks of taking Trojans at their word and paying Bitcoins quickly, before realizing that nothing stops criminals from taking the money and exiting the situation.

Malware researchers can't verify any file-destruction 'triggers' in the Silvertor Ransomware's payload, but such an attack would be trivially programmable. Users should always implement secure backups on other devices that can withstand attacks by Trojans with encryption, corruption or deletion-based features. The Silvertor Ransomware's campaign targets Windows users, like most, if not all, threats of its kind.

Besides backing up media, users can also take preemptively helpful steps such as disabling JavaScript, installing software patches when available, and making sure that their passwords are strong against brute-forcing. Anti-malware programs should eliminate the Silvertor Ransomware on sight.

The Silvertor Ransomware has dire warnings for victims but little to show for its bluster. Keeping its wallet as empty as possible will help stop more Trojans just like it from appearing, regardless of the state of anonymous e-mail services.
