
SnowPicnic Ransomware

Posted: November 1, 2018

The SnowPicnic Ransomware is a variant of Hidden Tear, a family of file-locking Trojans. This threat can block various files on your computer by encrypting them and creates ransom notes in multiple formats that sell the author's decryption service. Besides backing up media for its protection, you can keep your PC safe by scanning your downloads before opening them, letting anti-malware programs remove SnowPicnic Ransomware infections as they arise, and monitoring your RDP, firewall, and network settings for any vulnerabilities worth correcting.

Losing Access to Your Files is No Picnic

A branch of Hidden Tear has become particularly prolific lately, whether due to the popularity of that specific version of its source code, a still-unidentified Ransomware-as-a-Service business, or close file-sharing ties among criminals. With strong similarities to the also-recent EnybenyCrypt Ransomware and the Scrabber Ransomware, the SnowPicnic Ransomware shows that interest in using low-level encryption for the hostage-taking of media is far from dwindling. However, a poor grasp of the English language may harm the SnowPicnic Ransomware's chances of ransom collection.

The SnowPicnic Ransomware runs a hidden AES encryption routine against files such as TXTs, DOCs, PNGs, JPGs, ZIPs, XLSs, and other media that aren't part of the Windows OS. The only feature that separates the SnowPicnic Ransomware's attack from the file-locking efforts of other Hidden Tear releases like the XeroWare Ransomware or the CryBrazil Ransomware is the appending of a 'snowpicnic' extension at the end of every name. Files locked this way are sometimes decryptable with free software, although malware experts advise creating copies for testing the compatibility of free decryption applications, since the wrong decryption routine can corrupt the file permanently.
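One way to follow the copy-before-testing advice above, as an added example that is not part of the original article: stage copies of every locked file for decryptor trials and record a SHA-256 of each original so you can confirm afterwards that the originals were never touched. The leading dot on the extension, the function names, and the directory layout are assumptions.

```python
import hashlib
import shutil
from pathlib import Path

# Assumption: the 'snowpicnic' extension is appended with a leading dot.
LOCKED_SUFFIX = ".snowpicnic"


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large archives do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_locked_copies(root: Path, staging: Path) -> dict:
    """Copy each locked file under root into staging, keeping the folder layout.

    Returns {relative path: sha256 of the original}. Decryptors are then run
    only against the staged copies.
    """
    manifest = {}
    root, staging = root.resolve(), staging.resolve()
    for source in sorted(root.rglob("*")):
        if not source.is_file() or source.suffix.lower() != LOCKED_SUFFIX:
            continue
        if staging in source.parents:  # staging folder nested under root
            continue
        relative = source.relative_to(root)
        target = staging / relative
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        manifest[relative.as_posix()] = sha256_of(source)
    return manifest


def changed_originals(root: Path, manifest: dict) -> list:
    """List originals that are missing or no longer match their recorded hash."""
    changed = []
    for relative, expected in manifest.items():
        original = root / relative
        if not original.is_file() or sha256_of(original) != expected:
            changed.append(relative)
    return changed
```

Run `changed_originals` after each decryptor trial; an empty list means the locked originals are still byte-for-byte intact and another tool can be tried on fresh copies.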

The symptom of the SnowPicnic Ransomware that bears the most resemblance to other, recent versions of Utku Sen's Hidden Tear is the pair of ransoming instructions that the threat actor creates, in both HTML and TXT formats. Although the SnowPicnic Ransomware provides Bitcoin-ransoming instructions in English, the text specifies a fee of 'zero' Bitcoins, along with making other errors. While the SnowPicnic Ransomware is probably a file-locking Trojan whose payload is in an 'in-progress' state, the file-locking attack does work, as usual.

Melting a Trojan's Plans of Snowfall

There are multiple possible explanations for the SnowPicnic Ransomware's ransoming messages, which include the file-locker Trojan requiring more development, its existence being nothing more than a 'prank,' or the criminal lacking significant familiarity with English. However, malware experts aren't prepared to narrow down the geographical operating regions of the SnowPicnic Ransomware's campaign. Although Russian AV entities were the first to identify the SnowPicnic Ransomware's samples, this file-locking Trojan, like nearly every version of Hidden Tear, may harm files on Windows PCs anywhere.

Free decryption solutions for Hidden Tear's numerous family members may or may not have any value against the latest releases. Backing up work to other devices that are traditionally safe from file-locker Trojans and their attacks, such as cloud services, will give all users a better possibility of saving their work without losing any money. Anti-malware products of most brands are equally effective at deleting the SnowPicnic Ransomware and other Hidden Tear-based threats, which rarely exhibit any defenses of note.

The SnowPicnic Ransomware could be arriving by e-mail, exploit kits, or even torrents, but how it installs itself should be less of a worry than whether it can attack the only version of your saved work. Even a single backup is a potent weapon against Trojans like the SnowPicnic Ransomware, whether they're asking for a great deal of money or none.
