Strawhat Ransomware

Posted: September 1, 2017
Threat Metric
Threat Level: 10/10
Infected PCs: 74

Strawhat Ransomware Description

The Strawhat Ransomware is a Trojan that claims to lock your files with a 'military-grade' encryption cipher, but the latest builds of this threat only modify the files' names. Backing up your work to another system or drive that's not at risk of infection can prevent an updated version of the Strawhat Ransomware from causing any damage. You can also protect individual PCs by installing anti-malware products that remove the Strawhat Ransomware as soon as they detect it.

A Surprise Bill that might Cost You Your Files

German speakers are at risk for a new type of 'file-locking' campaign: one that carries the threat of encryption without the function. The Trojan's author is distributing the self-dubbed Strawhat Ransomware via fake PDFs naming it as a bill for non-specific services. However, the Trojan's payload limits itself to changing the names of the supposedly encrypted files while also providing all the ransom-themed demands necessary to confuse the PC's user.

The Strawhat Ransomware requires a Visual Basic PowerPacks component to run and will crash, without completing its attacks, on systems lacking this file. If it can run successfully, the Strawhat Ransomware generates semi-random characters that it appends, as new extensions, onto the names of the files that it misrepresents as being encrypted. No real encryption or data-corrupting features are present in the Strawhat Ransomware, for now, although its threat actor may plan to add them later.

Malware experts also find the Strawhat Ransomware dropping a ransom note that, in most characteristics, resembles those of an actual, file-locking Trojan's campaign. The Strawhat Ransomware claims to use 'military grade' encryption, generates an ID for the victim's use, and asks for Bitcoins before sending you a decryption code. Readers should remember that Bitcoins require consent from both parties for refunding, which means that paying the Strawhat Ransomware's ransom is unlikely to result in anything other than losing money without recourse.

Knocking Over a Trojan Made of Straw

In its present state, the Strawhat Ransomware is predominantly a danger to PC users who believe its ransoming instructions without testing their files to ascertain their validity. Renaming your media to remove any unwanted extensions should resolve any issues with your content refusing to open. Examples of formats malware analysts see the Strawhat Ransomware target with its fake encryption include movies (MKV or MOV), Microsoft Office work output (XLSM or PPTM), and various databases (SQL, SQLITE3, or CSV).
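One way to test the files before renaming anything, as an added example that is not part of the original article: the script strips the last (appended) extension, checks that the file's leading bytes still match the original format, and only then proposes the restored name. The signatures are standard format headers; the function names and the assumption that exactly one extra extension was appended are this example's own.

```python
import codecs
import sys
from pathlib import Path

# Standard file signatures (offset, bytes) for the binary formats the article names.
SIGNATURES = {
    ".mkv": [(0, b"\x1a\x45\xdf\xa3")],                    # EBML header
    ".mov": [(4, b"ftyp"), (4, b"moov"), (4, b"mdat"), (4, b"wide"), (4, b"free")],
    ".xlsm": [(0, b"PK\x03\x04")],                         # OOXML is a ZIP container
    ".pptm": [(0, b"PK\x03\x04")],
    ".sqlite3": [(0, b"SQLite format 3\x00")],
}
TEXT_FORMATS = {".sql", ".csv"}                            # no signature: test for text

def looks_intact(original_ext, head):
    """True if the leading bytes still look like the original format."""
    if original_ext in TEXT_FORMATS:
        if not head or b"\x00" in head:
            return False
        try:  # incremental decoding tolerates a character cut off at the buffer end
            codecs.getincrementaldecoder("utf-8")().decode(head)
            return True
        except UnicodeDecodeError:
            return False
    return any(head[off:off + len(sig)] == sig
               for off, sig in SIGNATURES.get(original_ext, []))

def plan_restore(root, apply=False):
    """Map renamed-but-intact files under root to their original names (dry run by default)."""
    plan = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        restored = path.with_suffix("")        # assumption: one appended extension
        original_ext = restored.suffix.lower()
        if original_ext not in SIGNATURES and original_ext not in TEXT_FORMATS:
            continue
        with path.open("rb") as fh:
            head = fh.read(4096)
        if looks_intact(original_ext, head) and not restored.exists():
            plan[path] = restored
            if apply:
                path.rename(restored)
    return plan

if __name__ == "__main__":
    for src, dst in plan_restore(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{src} -> {dst.name}")
```

Files that fail the check, including text files in a legacy encoding such as Windows-1252, are left untouched for manual review rather than renamed.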

Internally, the Strawhat Ransomware exhibits many traits of being a product from a less experienced threat actor than those responsible for projects like EDA2 or the Jigsaw Ransomware. The Strawhat Ransomware uses inefficient file-filtering methods, a potentially buggy format of ransoming window that may be invisible until the user clicks it, and, as noted previously, requires an additional VB component. However, users still should have anti-malware programs to detect and remove the Strawhat Ransomware, rather than trying to identify the Trojan by sight since it uses misleading names intentionally.

Whether a Trojan is simple or complicated, it needs to get access to your PC to commence with further operations. Don't give remote attackers like the Strawhat Ransomware's author a foothold in your files by trusting an 'invoice' that's not from a source you can trust.
