
Skull Ransomware

Posted: September 5, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 46
First Seen: September 5, 2017
OS(es) Affected: Windows

The Skull Ransomware is a file-blocking Trojan that uses encryption to hold media hostage until you pay its ransom. Since this Trojan uses payment methods that don't allow a refund if no decryption service is delivered, malware experts recommend using other methods of recovery for your data. Standard anti-malware programs can protect your PC by blocking and deleting the Skull Ransomware before it starts scanning your files.

A Skull and Bones Skinning Your Files Down to the Bone

One of the idiosyncrasies of mid-2017 is the profusion of skull-themed, file-locking Trojans that malware analysts catch either in deployment or in development. Although their names and visual symptoms may share similarities, any common lineage between threats like the Haze Ransomware, the SkullLocker Ransomware, or the latest one, the Skull Ransomware, is coincidental. The Skull Ransomware has no confirmed family yet, although its payload uses traditional components that one also can see in threats like Hidden Tear or the Globe Ransomware.

The Skull Ransomware uses encryption with an unknown cipher to lock files like pictures, documents, and other formats commonly used by Windows users. While encoding your media, the Skull Ransomware also appends an additional extension to each file's name, although, unlike most Trojans of the same classification, the Skull Ransomware uses random characters instead of a fixed string. Trying to open the encrypted files without decoding them will result in 'junk data' that the associated program, such as Word or Adobe's Acrobat Reader, can't read.

The second half of the Skull Ransomware's payload generates an HTML file for the victim, which contains the threat actor's iFrame-embedded instructions on paying to get a decryption key. With this key, the users can, theoretically, decode and restore their files. However, like most attempts at extortion through similar attacks, the Skull Ransomware's authors only accept payments via the Bitcoin cryptocurrency, which could let them take the money and eschew any responsibility for service.

Making the Skull Ransomware's Profits Stay Dead in the Ground

Although most ransom notes dropped by Trojans of this category are locally-generated pages, the Skull Ransomware provides a link to a remote website for processing its transactions. Since this site is a potential security risk, malware experts recommend that victims avoid visiting it, particularly because of the possible exploits associated with the HTML iFrame content. Having backups always gives you the simplest data-restoration solution available, but third-party security researchers also may assist with decrypting any content that the Skull Ransomware encodes.
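The two artifacts described above, the random-character extension appended after the original one and the HTML note carrying an iFrame to a remote site, are what a responder can triage for on a suspect machine. The script below is an added example, not code from the page or from any vendor tool; the file listing and the note content are constructed samples, and the allow-list of extensions is an assumption of the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption of this example: a small allow-list of extensions a workstation normally holds.
KNOWN_EXTENSIONS = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "txt", "html", "htm"}
RANDOM_EXT = re.compile(r"[a-z0-9]{4,}")

def has_appended_random_extension(filename):
    """True when a known extension is followed by an extra random-looking suffix,
    e.g. 'report.docx.k3jf9a'. Requiring both letters and digits in the suffix
    reduces false positives on human-chosen suffixes such as '.backup'."""
    parts = filename.lower().split(".")
    if len(parts) < 3:
        return False
    original_ext, appended = parts[-2], parts[-1]
    return (original_ext in KNOWN_EXTENSIONS
            and appended not in KNOWN_EXTENSIONS
            and RANDOM_EXT.fullmatch(appended) is not None
            and any(c.isdigit() for c in appended)
            and any(c.isalpha() for c in appended))

class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in an HTML document."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.extend(v for k, v in attrs if k == "src" and v)

def remote_iframe_sources(html_text):
    """Return iframe src values that point at a remote http(s) host (local paths are ignored)."""
    collector = IframeCollector()
    collector.feed(html_text)
    return [s for s in collector.sources
            if urlparse(s).scheme in ("http", "https") and urlparse(s).hostname]

def triage(entries):
    """entries: list of (filename, text content or None). Returns both kinds of findings."""
    renamed = [name for name, _ in entries if has_appended_random_extension(name)]
    notes = {name: remote_iframe_sources(body) for name, body in entries
             if body is not None and name.lower().endswith((".html", ".htm"))}
    return {"renamed_files": renamed, "remote_iframe_notes": {k: v for k, v in notes.items() if v}}

# Constructed sample listing; the domain is a placeholder, not a real indicator.
SAMPLE = [
    ("budget.xlsx.q7Zk2p", None), ("photo.jpg.a9X4mL", None),
    ("readme.txt", None), ("archive.docx.backup", None),
    ("HOW_TO_RECOVER.html", '<html><body><iframe src="http://payment.example/pay"></iframe></body></html>'),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A heuristic like this only supports triage; files it flags should be preserved for a researcher rather than deleted, since the decryptable content is the renamed file itself.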

Samples of the Skull Ransomware are in limited supply, and malware researchers have yet to confirm the existence of targeted attacks using this threat against typical victims, such as servers in the healthcare or energy sectors. Con artists often try to introduce file-locking Trojans through e-mail forgeries that imitate legitimate notifications or messages, and also may compromise your PC manually after cracking the local logins. Let your anti-malware products remove the Skull Ransomware automatically when you can, and preemptively scan email attachments and other downloads that are likely infection vectors.

All that malware experts can say for certain concerning the Skull Ransomware is that this threat most likely is the product of new threat actors using a new format of ransom note. However, its set of features is no different from that of older threats like Hidden Tear, and users may block it by following the same security practices.
