Stroman Ransomware

Posted: October 17, 2017

Threat Metric

Ranking: 7,367
Threat Level: 8/10
Infected PCs: 14,886
First Seen: October 17, 2017
Last Seen: March 10, 2025
OS(es) Affected: Windows

The Stroman Ransomware is a Trojan that can lock your files with encryption and create messages asking for payment to unlock them. The symptoms of Stroman Ransomware infections include modified extensions on any locked content and the appearance of new text files serving as ransom notes. Since malware experts can't confirm free decryption solutions for this threat, use backups to recover any files, as necessary, after having your anti-malware software uninstall the Stroman Ransomware to halt any further loss of data.

A Fall Visit to Your Files from a Stranger

Malware researchers can usually trace cases of file-corrupting encryption and the associated extortion attempts to specific families of Trojans, including both open-source models like Hidden Tear and RaaS (Ransomware-as-a-Service) groups. However, some threat actors enter the distribution phase of their attacks without providing a significant sample size for external analysis, making Trojans like the Stroman Ransomware more difficult than usual to reverse-engineer. While it may or may not be part of a preexisting collective, the Stroman Ransomware is currently making live attacks that lock data for money.

Once it compromises a target PC, the Stroman Ransomware scans all local drives, potentially including network-mapped ones and peripheral devices. It locks any files it finds that match targeted media formats, such as DOC, JPG, BMP, ZIP, or XLS, by using an algorithm to encipher them. Malware experts can't confirm which cipher is in use with this attack, but victims may identify the non-working files by the '.stroman' extension that the Stroman Ransomware appends to their names.

The Stroman Ransomware also includes a ransom note-dropping feature that generates a Notepad file asking the user to negotiate through a threat actor's email address for a premium file-unlocking service. The current ransom price is set at five hundred USD, although the note claims that the price will rise after three days. Similarly to families like the Globe Ransomware, the Stroman Ransomware also generates a customer-specific ID tag for marking any cash transactions and offers to unlock a small sample of content without any charge.

Removing the Mystery from Media-Imprisoning Attacks

Unlike most threats with indeterminate ancestries, the Stroman Ransomware is out of the testing stage of its development and is in active deployment against targets in the wild. Infection vectors that malware analysts often point out as recurrent issues for Trojans with the Stroman Ransomware's symptoms include:

  • Disguised attachments to email messages may trick a user into installing the Trojan semi-consensually.
  • Script-based attacks from corrupted or hacked websites, using exploit kits such as Blacole or the RIG Exploit Kit, may install the Stroman Ransomware without the victim's consent.
  • The brute-force hacking of local networks also can help con artists compromise a server and install arbitrary programs under their direction.

Since decryption for the Stroman Ransomware may not always be available, even for those who choose to pay its ransoms, any PC users with valuable media should secure it through backups that would allow them to recover non-locked copies in the event of an infection. Anti-malware products also may uninstall the Stroman Ransomware before it can fully lock any media on a PC. The file-locking attack typically displays few or no symptoms until after it inflicts all intended damage.
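As an added example (not part of the original article or of any vendor tool), the following Python script inventories files carrying the appended '.stroman' extension and checks whether an unlocked copy of each exists in a backup. It assumes the backup directory mirrors the layout of the scanned tree; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".stroman"  # extension the article says is appended to locked files

def inventory_locked_files(scan_root, backup_root=None):
    """List files under scan_root whose names end in the appended suffix.

    Assumption: backup_root, if given, mirrors scan_root's directory layout.
    """
    scan_root = Path(scan_root)
    found = []
    # Unreadable directories are skipped (os.walk ignores errors by default).
    for dirpath, _dirs, files in os.walk(scan_root):
        for name in files:
            stem = name[:-len(LOCKED_SUFFIX)]  # original name, e.g. report.doc
            if not name.lower().endswith(LOCKED_SUFFIX) or not stem:
                continue
            locked = Path(dirpath) / name
            original = locked.relative_to(scan_root).with_name(stem)
            backed_up = (backup_root is not None
                         and (Path(backup_root) / original).is_file())
            found.append({"locked": locked, "original": original, "backup": backed_up})
    return found

def summarize(found):
    """Count locked files by original type and list those with no backup copy."""
    by_type = Counter(f["original"].suffix.lower() or "(none)" for f in found)
    no_backup = sorted(f["original"].as_posix() for f in found if not f["backup"])
    return {"total": len(found), "by_type": dict(by_type), "no_backup": no_backup}

def build_sample_tree(base):
    """Create a constructed sample tree (empty placeholder files) for the demo."""
    base = Path(base)
    for rel in ("scan/docs/report.doc.stroman", "scan/docs/budget.xls.stroman",
                "scan/pics/photo.JPG.stroman", "scan/pics/clean.bmp",
                "backup/docs/report.doc", "backup/pics/photo.JPG"):
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return base / "scan", base / "backup"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        scan, backup = build_sample_tree(tmp)
        print(summarize(inventory_locked_files(scan, backup)))
```

The `no_backup` list is the set of files that cannot be restored from the mirrored backup and would need another recovery source.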

While the Stroman Ransomware's campaign leaves much open to further investigation, malware experts still confirm that its greatest weaknesses are the same security protocols that also are a viable protection against more well-known threats, like Hidden Tear. Files are only as valuable as their owners presume them to be, and any document worth paying for also is worth backing up.