
Spongebob 2.0 Ransomware

Posted: August 1, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 95
First Seen: July 31, 2017
Last Seen: April 18, 2018
OS(es) Affected: Windows

The Spongebob 2.0 Ransomware is a Trojan that displays pop-ups claiming that your files are blocked by encryption, although malware experts have yet to see any working data-encrypting features within this program. While it is not currently a danger to your saved media, the Spongebob 2.0 Ransomware is still a security risk and may receive updates with an encryption functionality in the future. Based on its current payload, any qualified anti-malware program should delete the Spongebob 2.0 Ransomware without problems.

The Trojan Living in a Pineapple

Threat actors are still eager to imitate the currently prominent WannaCryptor Ransomware family to give their Trojans an appearance of professionalism and secure encryption. However, looking like something doesn't always correlate with being similar to it. With the latest Spongebob 2.0 Ransomware, malware experts can confirm that the Trojan's pop-up is currently its only resemblance to the WannaCryptor Ransomware.

The Spongebob 2.0 Ransomware contains no encryption feature and doesn't delete or otherwise damage the compromised computer's media. However, it does generate a pop-up window using interactive HTML content, in imitation of the previously mentioned family of threats. Features that malware analysts find particularly worth noting include:

  • The Spongebob 2.0 Ransomware shows a misappropriated image of Nickelodeon's Spongebob Squarepants character as a part of its branding. Related branding efforts also imply that the Trojan is the second version of this software, although no older variants appear to be available for analysis at this time.
  • The Trojan includes a UI element that imitates a loading bar, apparently to make the victims believe that the Spongebob 2.0 Ransomware is engaged in encrypting their media actively.
  • The Spongebob 2.0 Ransomware displays a generic encryption warning and ransoming instructions for buying the decryption. The most rarely-seen detail of this note is the supposed offer of a 'free event' for victims who can't pay every six months. However, the Spongebob 2.0 Ransomware's campaign, as such, is less than a month old.
  • The same window also provides a fake decryption feature that, supposedly, unlocks when the user pays Bitcoins to the provided wallet address. Because the Trojan doesn't encode anything, paying has no impact (other than impoverishing the victim).
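Since the pop-up's encryption claim is false, a defender can confirm that files are untouched before taking any other step. The following Python script is an added example, not part of the original analysis or of the Trojan's code; it checks file signatures and byte entropy, and the extension table, the 7.0-bit threshold and the sample file names are assumptions chosen for illustration.

```python
import math, os, sys, tempfile
from collections import Counter

# Well-known leading signatures for a few common file types.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log"}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path):
    """Return 'intact', 'suspect' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as f:
        head = f.read(65536)
    if ext in MAGIC:
        # Encrypting a file from its first byte overwrites the signature,
        # so a valid header is a quick (not conclusive) sign the file is untouched.
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXTS:
        # Plain text sits well below 7 bits/byte; ciphertext approaches 8.
        # Very short files cannot reach 7, so they always read as intact.
        return "suspect" if entropy(head) > 7.0 else "intact"
    return "unknown"

def triage(root):
    """Walk root and group file paths by classification."""
    results = {"intact": [], "suspect": [], "unknown": []}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                results[classify(path)].append(path)
            except OSError:
                results["unknown"].append(path)
    return results

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    with tempfile.TemporaryDirectory() as tmp:
        if root is None:  # constructed sample files, for demonstration only
            root = tmp
            samples = {"report.pdf": b"%PDF-1.4\n%constructed sample\n",
                       "notes.txt": b"meeting notes\n" * 50,
                       "locked.txt": os.urandom(4096)}
            for name, data in samples.items():
                with open(os.path.join(tmp, name), "wb") as f:
                    f.write(data)
        for verdict, paths in triage(root).items():
            print(f"{verdict}: {len(paths)}")
```

Pass a folder path as the first argument to check real files; a result with every file under "intact" is consistent with the behaviour described above, where the Trojan shows a warning but changes nothing on disk.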

Sending the Spongebob 2.0 Ransomware Back Under the Sea

As much as the Spongebob 2.0 Ransomware's choice of mascot makes an original statement, its threat actor also is trying to ride on the success of other Trojans without putting a comparable amount of effort into development. Until encryption features are part of the Spongebob 2.0 Ransomware's payload, the Trojan endangers users most greatly by spreading misinformation about its attacks and capacity for harming their computers. Many threats of this type do, eventually, receive updates that give them file-locking features, and malware experts recommend backing up your files as a fallback defense against such attacks.

More professionally designed file-ransoming Trojans often spread with the help of Web-based threats like the RIG Exploit Kit, by attaching themselves to spam e-mails, or by being installed by threat actors who have brute-forced the login of a protected server. However, for threats with limited capacity for harm, like the Spongebob 2.0 Ransomware, malware experts most often see them installing through fake, mislabeled downloads, particularly ones promoted through torrent networks and free software domains. Running anti-malware scans on all downloads not arriving from implicitly safe sources can let users detect and delete the Spongebob 2.0 Ransomware before it becomes an ongoing security problem.

The Spongebob 2.0 Ransomware is young, but it already has multiple counts of deceiving victims and using social engineering attacks to solicit money in exchange for nothing. A program's word is never better than that of its development team, which has readily obvious implications for 'Black Hat' software like the Spongebob 2.0 Ransomware.
