Stroman Ransomware

Posted: October 17, 2017
Threat Metric
Threat Level: 8/10
Infected PCs 11,097

Stroman Ransomware Description

The Stroman Ransomware is a Trojan that can lock your files with encryption and create messages asking for payment to unlock them. The symptoms of the Stroman Ransomware infections include modifications to the extensions of any locked content and the appearance of new text files serving as ransom notes. Since malware experts can't confirm free decryption solutions for this threat, use backups to recover any files, as necessary, after having your anti-malware software uninstalling the Stroman Ransomware to halt any further loss of data.

A Fall Visit to Your Files from a Stranger

More commonly than otherwise, malware researchers can trace most cases of corrupted data encryption and their associated extortion attempts to specific families of Trojans, including both open-source models like Hidden Tear, and RaaS (Ransomware-as-a-Service) groups. However, some threat actors enter into the distribution phases of their attacks without providing a significant sample size for any external analysis, making Trojans like the Stroman Ransomware more difficult than usual to reverse-engineer. While it may or may not be part of a preexisting collective, the Stroman Ransomware is making live attacks against data to lock them for money currently.

Once it compromises a target PC, the Stroman Ransomware scans all local drives, also including network-mapped ones and peripheral devices potentially. The Stroman Ransomware locks any files it finds that match appropriate media formats such as DOC, JPG, BMP, ZIP, or XLS, by using an algorithm to encipher them. Malware experts can't confirm which cipher is in use with this attack, but any victims may identify the non-working files by the '.stroman' extensions that the Stroman Ransomware appends to their names.

The Stroman Ransomware also includes a ransom note-dropping feature that generates a Notepad file asking the user to negotiate through a threat actor's email address for a premium file-unlocking service. Current ransom prices are set at five hundred USD in value, although the note claims that the price will rise after three days. Similarly to families like the Globe Ransomware, the Stroman Ransomware also generates a customer-specific ID tag for marking any cash transactions and offers to unlock a small sample of content without any charge.

Removing the Mystery from Media-Imprisoning Attacks

Unlike most threats with indeterminate ancestries, the Stroman Ransomware is out of the testing stage of its development and is in active deployment against targets in the wild. Infection vectors that malware analysts often point out as recurrent issues for Trojans with the Stroman Ransomware's symptoms include:

  • Disguised attachments to email messages may trick a user into installing the Trojan semi-consensually.
  • Script-based attacks from corrupted or hacked websites such as Blacole or the RIG Exploit Kit may install the Stroman Ransomware without the victim's consent.
  • The brute-force hacking of local networks also can help con artists compromise a server and install arbitrary programs under their direction.

Since decryption for the Stroman Ransomware may not always be available, even for those who choose to pay its ransoms, any PC users with valuable media should secure it through backups that would allow them to recover non-locked copies, in the event of an infection. Anti-malware products also may uninstall the Stroman Ransomware before it can fully lock any media on a PC, an attack which, typically, displays few or no symptoms until after it inflicts all intended damages.

While the attacks of the Stroman Ransomware's campaign leave much open to further investigation, malware experts still are confirming its greatest weaknesses as being the same security protocols that also are a viable protection against more well-known threats, like Hidden Tear. Files are only as valuable as their owners presume them to be, and any document worth paying for also is worth backing up.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Stroman Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Stroman Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.