
Skull HT Ransomware

Posted: November 1, 2017

The Skull HT Ransomware is a new version of the Hidden Tear Trojan that blocks files of arbitrary formats by encrypting them with a cipher whose key is held by the threat actor. Since the ransomware is being distributed as a fake PDF file titled ‘The Art of Amazon Carding’, some antivirus vendors may refer to it as the Amazon Carding Ransomware. Although the symptoms of a Skull HT Ransomware infection urge the victim to buy the con artist's decryption tool to recover the files, this data restoration method should be unnecessary for PC users who have backups or are willing to research free decryption programs. Anti-malware products also may defend your PC by blocking and deleting the Skull HT Ransomware before it can attack your files.

Bad Actions may Pay, but not in the Expected Direction

The preference for skull themes among Trojans that lock data and extort payment continues this year, with last month's Skull Ransomware now joined by the unaffiliated Skull HT Ransomware. Unlike that earlier threat, the Skull HT Ransomware is a minor update of Hidden Tear, with symptoms such as AES-based encryption, a wallpaper hijacker and ransom messages displayed in Notepad. However, what malware experts find most interesting about the Skull HT Ransomware is the tactic it uses to compromise the victim's computer.

Threat actors are distributing the Skull HT Ransomware's executable under names describing it as a PDF document on how to 'card' the Amazon online vendor fraudulently. Carding, a form of fraud, covers both trafficking in stolen credit card credentials and the associated fraudulent cash transfers. The Skull HT Ransomware doesn't seem to have any built-in features for faking the presentation of this supposed document once it opens, although it does leverage the standard ransom note and data-locking features of Hidden Tear.

Members of the Hidden Tear family use encryption to block pictures, documents, spreadsheets, and any other data format that the threat actor specifies. Locked files usually can be identified by an appended extension, such as the Skull HT Ransomware's '.locked' string. After the attack, the Skull HT Ransomware replaces the victim's wallpaper with a generic warning and creates a text note to sell the file-unlocking solution to the PC's user.

Burying Bones Back Where They Belong

As a fake pamphlet on illicit activities, the Skull HT Ransomware is more likely than most file-locking Trojans to be hosted on corrupted websites that depict harmful acts involving online vendors and financial transactions. While malware experts recommend avoiding such sites, which may include additional infection vectors such as script-driven exploit kits, most anti-malware products should detect the Skull HT Ransomware's fraudulent extension and identify the program as a danger to your computer. The Skull HT Ransomware also may circulate through piracy-associated file-sharing networks, such as torrents.
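The two indicators the write-up describes, the appended '.locked' extension from the previous section and the fake-PDF executable from this one, can be checked with a short triage script. This is an added example, not code from the original page; all file names and byte samples are constructed, and the detection labels and the three-file threshold are this example's own assumptions.

```python
# Added example (not the original write-up's code): flags Hidden Tear's appended
# '.locked' extension and a supposed PDF that is really a Windows executable.
import os
from collections import Counter
from typing import Optional

LOCKED_EXT = ".locked"  # extension this Hidden Tear build appends to encrypted files
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".bat"}

def classify_name(name: str) -> Optional[str]:
    """Label a file name by indicator, or return None if it looks benign."""
    base, ext = os.path.splitext(name.lower())
    if ext == LOCKED_EXT:
        # "budget.xlsx.locked": the original extension is still visible before ".locked"
        return "locked-by-hidden-tear"
    if ext in EXEC_EXTS and os.path.splitext(base)[1] in DOC_EXTS:
        # "The Art of Amazon Carding.pdf.exe": an executable posing as a document
        return "disguised-executable"
    return None

def classify_content(name: str, head: bytes) -> Optional[str]:
    """A '.pdf' whose first bytes are the PE 'MZ' stamp is an executable, not a document."""
    if name.lower().endswith(".pdf") and head.startswith(b"MZ"):
        return "pdf-with-pe-header"
    return None

def triage(files: dict) -> dict:
    """Run both checks over {name: first_bytes}; a large share of '.locked' files
    points to an encryption run rather than a single stray file (assumed threshold)."""
    findings = {}
    for name, head in files.items():
        label = classify_name(name) or classify_content(name, head)
        if label:
            findings[name] = label
    counts = Counter(findings.values())
    locked = counts["locked-by-hidden-tear"]
    encryption_run = locked >= 3 and locked / max(len(files), 1) >= 0.5
    return {"findings": findings, "counts": dict(counts), "likely_encryption_run": encryption_run}

# Constructed listing of a folder after the fake "carding guide" was opened.
SAMPLE = {
    "The Art of Amazon Carding.pdf.exe": b"MZ\x90\x00\x03",
    "real_manual.pdf": b"%PDF-1.7\n",
    "readme.pdf": b"MZ\x90\x00\x03",
    "photo.jpg.locked": b"\x8a\x11\x42\x07",
    "budget.xlsx.locked": b"\x3c\xd9\x00\xff",
    "notes.txt.locked": b"\x71\x02\xab\xcd",
}
```

Running `triage(SAMPLE)` flags five of the six entries and reports a likely encryption run; only the genuine PDF passes both checks.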

Any files that the Skull HT Ransomware locks are potentially recoverable with the author's custom decryption code. While the Skull HT Ransomware's ransom (under twenty dollars once converted from Bitcoins to US dollars) is unusually cheap, victims always should try to avoid rewarding the people operating these Trojan campaigns. Free decryption software compatible with the Hidden Tear family has a non-negligible chance of retrieving your media, and any quality anti-malware product should uninstall the Skull HT Ransomware safely.

Poverty and misdeeds go hand in hand, and would-be cybercrooks might find it tempting to look up information on exploiting credit card practices. However, even for the desperate, breaking the law is fraught with hidden dangers like the Skull HT Ransomware, which is trying to make money in a different way.
