
Somik1 Ransomware

Posted: January 9, 2020

The Somik1 Ransomware is a file-locking Trojan whose code derives mainly from Hidden Tear, a previously public, open-source project. Infections can stop your files from opening, change their names, and create messages and pop-ups carrying ransom demands. Users can protect their data with traditional backup practices, along with anti-malware services for removing the Somik1 Ransomware automatically.

Hidden Tear Stops Hiding for the New Year

After a volatile debut years ago, Hidden Tear retains a smaller but still meaningful share of the file-locker Trojan market by giving criminals a free alternative to premium Ransomware-as-a-Services. 2016 saw the trimmed-down EduCrypt Ransomware, 2017 gave the world the SkyName Ransomware and the CryptoKill Ransomware, 2019 spawned the politically-whimsical TrumpHead Ransomware, and 2020 is giving birth to the Somik1 Ransomware. The Trojan's current samples, while buggy, show clearly how the threat actor intends to make money from data-blocking attacks.

Many elements of the Somik1 Ransomware's structure will be familiar to readers of past articles on threats of the same category. It runs on Windows, sets up Registry modifications and a mutex for persistence, and begins 'locking' files with an AES-based encryption routine. So far, malware experts see two extensions appended to filenames: one that refers to the Trojan's name, and one that displays a free e-mail address for contacting the threat actor.

Besides blocking files such as documents or images, the Somik1 Ransomware also creates TXT and HTA-based ransom notes. The former appears on the user's desktop, while the latter opens automatically as a prominent pop-up window. Both ask for a Bitcoin ransom to unlock the files (without naming a price) and offer a limited, free sample of the decryption service; these characteristics are standard among file-locker Trojans.
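As an added triage script for responders (not from the page, and not the Trojan's code), the following takes a plain file listing from a suspect host and recovers the original names behind the double-extension renaming described above, pulls out the contact address the notes will use, and checks for the TXT/HTA note pair. The ".somik1" tag, the e-mail address, the bracket style and the paths are assumed placeholders, since the page gives none of the real strings.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of a host's file listing after an infection. The ".somik1"
# tag and the e-mail are placeholders: the page does not give the real strings.
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.xlsx.somik1.[contact@example.invalid]",
    r"C:\Users\alice\Documents\thesis.docx.somik1.[contact@example.invalid]",
    r"C:\Users\alice\Pictures\holiday.jpg.somik1.[contact@example.invalid]",
    r"C:\Users\alice\Desktop\READ_ME.txt",
    r"C:\Users\alice\Desktop\READ_ME.hta",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Windows\System32\kernel32.dll",
]

# Somik1 keeps the original name and appends two tags: Trojan name, then e-mail (brackets assumed).
LOCKED_RE = re.compile(
    r"^(?P<original>.+\.[A-Za-z0-9]{1,6})"                # name + real extension
    r"\.(?P<tag>[A-Za-z0-9_-]{2,32})"                     # first tag: Trojan name
    r"\.\[?(?P<mail>[\w.+-]+@[\w-]+(?:\.[\w-]+)+)\]?$"    # second tag: e-mail
)

def parse_locked(path):
    """Return (original_name, tag, mail) for a renamed file, else None."""
    m = LOCKED_RE.match(PureWindowsPath(path).name)
    return (m["original"], m["tag"], m["mail"]) if m else None

def note_candidates(paths):
    """Stems that have both a .txt and an .hta file in a Desktop folder."""
    by_stem = {}
    for wp in map(PureWindowsPath, paths):
        if wp.suffix.lower() in (".txt", ".hta") and wp.parent.name.lower() == "desktop":
            by_stem.setdefault(wp.stem, set()).add(wp.suffix.lower())
    return sorted(s for s, exts in by_stem.items() if exts == {".txt", ".hta"})

def triage(paths):
    """Summarise an infection for an IR ticket from a plain file listing."""
    locked = [(p, parse_locked(p)) for p in paths if parse_locked(p)]
    return {
        "locked_count": len(locked),
        "original_exts": Counter(PureWindowsPath(r[0]).suffix.lower() for _, r in locked),
        "tags": sorted({r[1] for _, r in locked}),              # should be one value
        "contact_mails": sorted({r[2] for _, r in locked}),     # feeds blocklists / note checks
        "notes": note_candidates(paths),
        "restore_map": [(p, r[0]) for p, r in locked],          # locked name -> name in backup
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PATHS).items():
        print(f"{key}: {value}")
```

The restore_map is the list a responder hands to whoever restores from backup; feeding a real listing (for example from `dir /s /b`) in place of SAMPLE_PATHS is the only change needed.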

Drying Fresh Tears from Old Pains

Although the Somik1 Ransomware is far from 'new' software, the modifications it makes to Hidden Tear aren't foolproof. Some versions that malware experts are analyzing include glitches that generate 'unhandled exception' errors. Victims shouldn't depend on these bugs for the safety of their work, but the symptom is one clue to the threat's presence that can prompt a quick and aggressive response.

However, most file-locker Trojans are sufficiently well-coded that they don't display errors before they've blocked all the intended content, including documents or potentially-irreplaceable databases. As a general precaution, all users should keep backups somewhere other than an Internet-accessible personal computer. In rare cases, the Restore Points also might be available for emergency data recovery.

Roughly two-thirds of current AV threat databases include heuristic detections that accurately flag the Somik1 Ransomware's current builds. Anti-malware services, if present, should remove the Somik1 Ransomware on sight and prevent its file-locking behavior.

The Somik1 Ransomware is terrible news for anyone running a RaaS business. As it turns out, 'freeware' Trojans remain prominent players in the Black Market and can give any criminal a free weapon for attacking any data, anywhere.
