Styver Ransomware

Posted: February 28, 2018

The Styver Ransomware is a file-locker Trojan that's capable of using encryption to block your digital media, such as pictures, music or documents. The hostage files display new extensions indicating their locked status, and victims may find text messages asking them to pay for an unlocking program. Uninstalling the Styver Ransomware should be done by a reputable anti-malware product, and any required data restoration is most practical with backups.

Middle Eastern Conflict Goes Digital

File-locking threats aren't known for respecting borders, although some areas of the world, such as Europe, Russia, and North America, are more likely to be victimized than others. New incidents involving the Styver Ransomware point to this Trojan using encryption attacks against Jordanian citizens, although malware experts suspect its payload is no less compatible with PCs residing in other countries. Like such infamous names as the Globe Ransomware or Hidden Tear, the Styver Ransomware uses encryption to sabotage data and then sells a solution to the problem it causes.

The Styver Ransomware appears to use an AES-based encryption method, with AES (or Rijndael) being one of the most commonly employed algorithms for enciphering data and rendering it secure. These attacks run via a hidden background process that shows the victim no symptoms until after all of the targeted files are in 'locked' formats. The Styver Ransomware also abides by the tradition of appending a new extension to these files, so that, for example, 'apple.jpg' is renamed to 'apple.jpg.styver'.
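The appended extension gives responders a quick way to scope the damage. The following Python sketch is an added example, not code from this article or from any vendor tool: it walks a directory tree, recovers the original name of every '.styver' file, and summarises affected folders, original file types and the span of modification times. The function names, sample file names and timestamps are constructed for illustration, and it assumes modification time is a usable rough indicator of when a file was locked.

```python
import os
import tempfile
from collections import Counter

LOCKED_SUFFIX = ".styver"  # appended extension described in the article


def triage(root):
    """Summarise files under root that carry the appended .styver extension."""
    locked, by_type, dirs = [], Counter(), set()
    first = last = None
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            original = name[: -len(LOCKED_SUFFIX)]  # apple.jpg.styver -> apple.jpg
            if not name.lower().endswith(LOCKED_SUFFIX) or not original:
                continue  # untouched file, or a file named exactly ".styver"
            path = os.path.join(dirpath, name)
            mtime = os.stat(path).st_mtime
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            dirs.add(os.path.relpath(dirpath, root))
            locked.append(os.path.relpath(os.path.join(dirpath, original), root))
    return {"locked": sorted(locked), "by_type": dict(by_type),
            "dirs": sorted(dirs), "window": (first, last)}


def build_sample(root):
    """Constructed sample tree: file names and timestamps are invented."""
    sample = {"Pictures/apple.jpg.styver": 1000, "Pictures/pear.JPG.STYVER": 1060,
              "Documents/notes.docx.styver": 1030, "Documents/todo.txt": 900,
              "Documents/styver-report.pdf": 950}
    for rel, mtime in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        report = triage(tmp)
        print(len(report["locked"]), "locked files in", report["dirs"])
        print("by original type:", report["by_type"])
        print("modification window (epoch seconds):", report["window"])
```

The list of original names it returns can be compared against a backup catalogue to decide what needs restoring.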

This Trojan also uses a Base64 identifier for each infection, which is a part of the ransoming process. It drops a ransom note in a format that malware experts have yet to identify (TXT, HTML, and HTA being the most common choices) that asks the user to contact the threat actor's e-mail address to negotiate. Typical demands in these negotiations include cryptocurrency payments, like Bitcoin, that threat actors may keep without providing any decryption or file-unlocking support.

Bringing Peace to Jordan – or, at Least, Its Computer Files

The Styver Ransomware uses an AOL-based e-mail account for its ransoming transaction, which is one of several signs that this Trojan's campaign is minimally funded and not the work of an experienced threat actor. However, file-locking threats don't necessarily require a payload any more advanced than that of free programs, like Hidden Tear, or cheap RaaS rental models to cause lingering damage to your data. Keeping backups of your files separate from your regular-use copies can give your media extra protection from encryption attacks, which are sometimes irrevocable.

E-mail attachments and brute-force breaches of networks often install file-locking Trojans, particularly in attacks targeting corporate, government, and non-governmental organization entities. However, individuals on recreational-use computers are more likely to infect themselves via corrupted websites or downloads from file-sharing networks, such as torrents. Anti-malware programs can compensate for most of these attacks and should delete the Styver Ransomware without it having a window for encrypting your files.

Taking one's files for granted as being safe is a poor assumption in an age where computer data is, so often, actual money. Your nationality is no compensation for bad Web-surfing habits or allowing your backups to become out-of-date when Trojans like the Styver Ransomware come calling.