SnakeLocker Ransomware
Posted: July 24, 2017
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 49 |
| First Seen | July 24, 2017 |
| OS(es) Affected | Windows |
The SnakeLocker Ransomware is a Trojan that blocks your files and then demands a ransom to restore them. The most direct defense against its encryption attacks is a secure backup made before the infection, although free decryption solutions are sometimes available to the public. Malware experts recommend backing up your files to remote devices and using anti-malware products to remove the SnakeLocker Ransomware from your computer safely.
Misdeeds are Slithering Up to Your Screen
While a majority of file-encoding threats are either members of a rental-based Trojan family or owe their creation to old code, not every Trojan has a highly traceable ancestry. Among the independents that malware experts are examining in late July, the SnakeLocker Ransomware is one of many that show all the usual features of data-encoding families like Hidden Tear. Although the SnakeLocker Ransomware does create easy-to-see symptoms, by the time it does so, the victim's media is already being locked.
Although it is very new, malware researchers have already confirmed two versions of the SnakeLocker Ransomware circulating in the wild. These variants differ primarily in some cosmetic symptoms and otherwise launch all of the same attacks detailed below:
- The SnakeLocker Ransomware blocks files on the infected PC with an encryption algorithm that is not yet identified but is most likely AES-based. Content that's encoded and locked can include documents, archives, Web pages, pictures and other media.
- Depending on which version of the threat is attacking, the names of your files also may have new '.snake' or '.TGIF' extensions that the SnakeLocker Ransomware appends to them automatically.
- Either variation of the SnakeLocker Ransomware drops a similar ransom note in a Web page-based format, to give the victim its ransom demands. The SnakeLocker Ransomware asks for 0.1 Bitcoin to decrypt and unlock your media, with the choice of a cryptocurrency preventing you from getting a refund if the threat actor goes back on his word.
Exterminating a Trojan Before Its Poison Spreads
The SnakeLocker Ransomware might owe its brand name to its author's preferred programming language: Python, the same platform that old threats like PyCL Ransomware also abuse. Although this choice could give the SnakeLocker Ransomware some minor protection from heuristics-based threat detection, it does nothing to enhance its encryption or the means by which victims could defend themselves against it. Having backups is always the favored solution for reversing all damages from an encryption attack, whether you install the SnakeLocker Ransomware accidentally or another threat actor runs it after compromising your PC.
Threat actors usually disguise Trojans like the SnakeLocker Ransomware as being non-threatening e-mail attachments, free software downloads, or even browser-delivered software updates. Use software with anti-malware features for identifying and removing the SnakeLocker Ransomware before it installs itself, or quarantining it afterward. Because of the high risk of the SnakeLocker Ransomware's deleting local backups, any data copies meant for recovery are safest on peripheral devices or cloud storage servers.
While malware researchers have been unable to confirm the infection methods for the SnakeLocker Ransomware's campaign, its Web presence in multiple editions is already demonstrating its author's work ethics. Anyone without similar diligence in preserving the valuable contents of their hard drives may find themselves at the sharp end of an extortion tactic.
Technical Details
File System Modifications
The following files were created in the system:

file.exe
File name: file.exe
Size: 5.42 MB (5422249 bytes)
MD5: 7602f5d19df01ea70f957e23837024a8
Detection count: 99
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 27, 2017

file.exe
File name: file.exe
Size: 5.46 MB (5468348 bytes)
MD5: f3fbc6000cfb7371623acd54efe853cb
Detection count: 0
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: July 27, 2017
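
A triage sketch built from the indicators on this page, added here as an example and not code from the original article or its vendor: it walks a directory tree, lists files carrying the '.snake' or '.TGIF' extension, and flags executables whose MD5 matches one of the two samples listed above. The function names and the constructed test tree in `demo()` are assumptions; the stand-in `file.exe` there is harmless filler, so `demo()` passes that file's own hash in place of the page's values.

```python
import hashlib
import os
import tempfile

# Indicators taken from this page: appended extensions and the two sample MD5s.
LOCKED_EXTENSIONS = (".snake", ".tgif")  # compared case-insensitively
KNOWN_MD5 = {"7602f5d19df01ea70f957e23837024a8",
             "f3fbc6000cfb7371623acd54efe853cb"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so multi-megabyte executables are not read whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def triage(root, known_md5=KNOWN_MD5):
    """Return (locked_files, matching_executables) found under root."""
    locked, dropped = [], []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if name.lower().endswith(LOCKED_EXTENSIONS):
                locked.append(path)
            elif name.lower().endswith(".exe"):
                try:
                    if md5_of(path) in known_md5:
                        dropped.append(path)
                except OSError:
                    continue  # unreadable or held open by another process
    return sorted(locked), sorted(dropped)


def demo():
    """Run the triage over a constructed tree; the .exe is a harmless stand-in."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for name in ("report.docx.snake", "photo.jpg.TGIF", "notes.txt"):
            with open(os.path.join(root, "docs", name), "wb") as handle:
                handle.write(b"constructed sample data")
        exe = os.path.join(root, "file.exe")
        with open(exe, "wb") as handle:
            handle.write(b"constructed stand-in, not the real sample")
        locked, dropped = triage(root, known_md5={md5_of(exe)})
        return [os.path.basename(p) for p in locked], [os.path.basename(p) for p in dropped]
```

Calling `triage(path)` with the default `KNOWN_MD5` checks against the two hashes from this page; a hit on either list is a reason to isolate the machine and restore from an offline backup.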